VYPR

Maven package

org.openid4java/openid4java

pkg:maven/org.openid4java/openid4java

Vulnerabilities (1)

  • CVE-2011-4314Jan 27, 2012
    affected < 0.9.6fixed 0.9.6

    message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote a