Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4M3YtcncycS05Z3g3

Improper implementation of the session fixation protection in Infinispan

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Permalink: https://github.com/advisories/GHSA-6x3v-rw2q-9gx7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4M3YtcncycS05Z3g3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: 4 months ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-6x3v-rw2q-9gx7, CVE-2019-10158
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-10158
• https://github.com/infinispan/infinispan/pull/6960
• https://github.com/infinispan/infinispan/pull/7025
• https://github.com/infinispan/infinispan/commit/4b381c5910265972ccaabefbdbd16a2b929f6b72
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158
• https://github.com/infinispan/infinispan/pull/7043
• https://github.com/infinispan/infinispan/commits/9.4.15.Final/
• https://security.netapp.com/advisory/ntap-20231227-0009/
• https://github.com/advisories/GHSA-6x3v-rw2q-9gx7

Repository: https://github.com/infinispan/infinispan
Blast Radius: 35.4

Affected Packages