Maven package
org.wildfly.security/wildfly-elytron-realm-token
pkg:maven/org.wildfly.security/wildfly-elytron-realm-token
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1233 | High | 7.3 | | <= 2.4.0.CR1 | — | Apr 9, 2024 | A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forge |