VYPR

Maven package

org.wildfly/wildfly-parent

pkg:maven/org.wildfly/wildfly-parent

Vulnerabilities (6)

  • CVE-2021-3536 | May 20, 2021
    affected < 23.0.2.Final | fixed 23.0.2.Final

    A flaw was found in WildFly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

  • CVE-2020-27822 | Dec 8, 2020
    affected >= 19.0.0.Final, < 21.0.2.Final | fixed 21.0.2.Final

    A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availabil

  • CVE-2020-25640 | Nov 24, 2020
    affected < 21.0.0.Final | fixed 21.0.0.Final

    A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file.

  • CVE-2020-10740 | Jun 22, 2020
    affected < 20.0.0.Final | fixed 20.0.0.Final

    A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to a lack of validation/filtering capabilities in WildFly.

  • CVE-2015-3198 | High | Jul 21, 2017
    affected >= 8.1.0.Final, < 9.0.0.CR2 | fixed 9.0.0.CR2

    The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

  • CVE-2016-0793 | High | Apr 1, 2016
    affected < 10.0.0.Final | fixed 10.0.0.Final

    Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contain