VYPR

Maven package

org.apereo.cas/cas-server-support-shell

pkg:maven/org.apereo.cas/cas-server-support-shell

Vulnerabilities (1)

  • CVE-2019-10754Sep 23, 2019
    affected < 6.1.0-RC5fixed 6.1.0-RC5

    Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.