VYPR

Maven package

org.pac4j/pac4j-core

pkg:maven/org.pac4j/pac4j-core

Vulnerabilities (2)

  • CVE-2026-40458MedApr 17, 2026
    affected < 5.7.10fixed 5.7.10

    PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Imp

  • CVE-2023-25581CriOct 10, 2024
    affected < 4.0.0fixed 4.0.0

    pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited