Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01NDk5LXFqdmgtNmo3d84AApa3

Observable Discrepancy in Wildfly Elytron

A flaw was found in Wildfly Elytron where ScramServer may be susceptible to a timing attack if enabled. The highest threat of this vulnerability is to confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

Permalink: https://github.com/advisories/GHSA-5499-qjvh-6j7w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NDk5LXFqdmgtNmo3d84AApa3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-5499-qjvh-6j7w, CVE-2021-3642
References:
Blast Radius: 13.5

Affected Packages

maven:org.wildfly.security:wildfly-elytron
Dependent packages: 156
Dependent repositories: 353
Downloads:
Affected Version Ranges: = 1.16.0, >= 1.11.0, <= 1.15.4, <= 1.10.13
Fixed in: 1.16.1, 1.15.5, 1.10.14
All affected versions:
All unaffected versions: