Maven package
org.jgroups/jgroups
pkg:maven/org.jgroups/jgroups
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2141 | Cri | 9.8 | >= 3.3.0.Alpha1, < 3.6.10.Final | 3.6.10.Final | Jun 30, 2016 | It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to i | |
| CVE-2013-4112 | — | >= 3.0.0, < 3.2.9.Final | 3.2.9.Final | Sep 28, 2013 | The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. |
- affected >= 3.3.0.Alpha1, < 3.6.10.Finalfixed 3.6.10.Final
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to i
- CVE-2013-4112Sep 28, 2013affected >= 3.0.0, < 3.2.9.Finalfixed 3.2.9.Final
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.