VYPR

Maven package

org.wildfly.security/wildfly-elytron-realm-token

pkg:maven/org.wildfly.security/wildfly-elytron-realm-token

Vulnerabilities (1)

  • CVE-2024-1233 · High · Apr 9, 2024
    affected <= 2.4.0.CR1

    A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks `jku` and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forge