VYPR

Maven package

org.pac4j/pac4j-saml

pkg:maven/org.pac4j/pac4j-saml

Vulnerabilities (1)

  • CVE-2019-10755Sep 23, 2019
    affected < 3.8.2fixed 3.8.2

    The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac