VYPR

Maven package

org.wildfly.security/wildfly-elytron-http-oidc

pkg:maven/org.wildfly.security/wildfly-elytron-http-oidc

Vulnerabilities (2)

  • CVE-2024-12369 · Med · Dec 9, 2024
    affected >= 1.17.0.Final, < 2.2.9.Final; fixed 2.2.9.Final

    A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's o

  • CVE-2023-6236 · Hig · Apr 10, 2024
    affected < 2.2.5.Final; fixed 2.2.5.Final

    A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issu