org.wildfly:wildfly-parent
Maven | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.wildfly:wildfly-parent
- CVE-2015-3198 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 9.0.0.CR2 | 2017-07-21
vulnerable: 8.1.0.Final ... 9.0.0.CR1 (7 versions)
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
- CVE-2016-0793 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 10.0.0.Final | 2016-04-01
vulnerable: 10.0.0.Alpha1 ... 9.0.2.Final (33 versions)
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META…
- CVE-2020-10740 | MEDIUM | CVSS 6.6 | EG 6.6 | ✓ Fixed in 20.0.0.Final | 2020-06-22
vulnerable: 10.0.0.Alpha1 ... 9.0.2.Final (67 versions)
A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to a lack of validation/filtering capabilities in WildFly.
- CVE-2020-25640 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 21.0.0.Final | 2020-11-24
vulnerable: 10.0.0.Alpha1 ... 9.0.2.Final (70 versions)
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file.
- CVE-2020-27822 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 22.0.0.Beta1 | 2020-12-08
vulnerable: 22.0.0.Alpha1
A flaw was found in WildFly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw a…
- CVE-2021-3536 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 23.0.2.Final | 2021-05-20
vulnerable: 10.0.0.Alpha1 ... 9.0.2.Final (80 versions)
A flaw was found in WildFly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.