WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Information disclosure in JBoss Weld

Moderate severity GitHub Reviewed Published Jun 10, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

maven org.jboss.weld:weld-core-bom (Maven)

Affected versions

< 2.2.8

Patched versions

2.2.8

Description

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

References

Reviewed Jun 10, 2020
Published to the GitHub Advisory Database Jun 10, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(72nd percentile)

Weaknesses

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Learn more on MITRE.

CVE ID

CVE-2014-8122

GHSA ID

GHSA-338v-3958-8v8r

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.