Maven package
org.apereo.cas/cas-server-core-services-authentication
pkg:maven/org.apereo.cas/cas-server-core-services-authentication
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10754 | — | < 6.1.0-RC5 | 6.1.0-RC5 | Sep 23, 2019 | Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. |
- CVE-2019-10754Sep 23, 2019affected < 6.1.0-RC5fixed 6.1.0-RC5
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.