Maven package
org.wildfly/wildfly-parent
pkg:maven/org.wildfly/wildfly-parent
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3536 | — | | | < 23.0.2.Final | 23.0.2.Final | May 20, 2021 | A flaw was found in WildFly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. |
| CVE-2020-27822 | — | | | >= 19.0.0.Final, < 21.0.2.Final | 21.0.2.Final | Dec 8, 2020 | A flaw was found in WildFly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availabil |
| CVE-2020-25640 | — | | | < 21.0.0.Final | 21.0.0.Final | Nov 24, 2020 | A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file. |
| CVE-2020-10740 | — | | | < 20.0.0.Final | 20.0.0.Final | Jun 22, 2020 | A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to a lack of validation/filtering capabilities in WildFly. |
| CVE-2015-3198 | High | 7.5 | | >= 8.1.0.Final, < 9.0.0.CR2 | 9.0.0.CR2 | Jul 21, 2017 | The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. |
| CVE-2016-0793 | High | 7.5 | | < 10.0.0.Final | 10.0.0.Final | Apr 1, 2016 | Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contain |