Nixpkgs Security Tracker

Suggestion detail

Untriaged
created 4 months, 3 weeks ago
JBoss EAP: wildfly-elytron has an SSRF security issue

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerability.

Affected products

eap
wildfly
  • <32.0.0.Final
eap7-netty
  • *
eap7-wss4j
  • *
eap7-wildfly
  • *
eap7-undertow
  • *
eap7-hibernate
  • *
eap7-apache-cxf
  • *
eap7-infinispan
  • *
eap7-hal-console
  • *
eap8-elytron-web
  • *
eap7-glassfish-el
  • *
eap7-jackson-core
  • *
eap7-xml-security
  • *
eap7-jboss-modules
  • *
eap7-jboss-metadata
  • *
eap7-wildfly-elytron
  • *
eap7-wildfly-openssl
  • *
eap8-wildfly-elytron
  • *
eap7-jackson-databind
  • *
eap7-jboss-ejb-client
  • *
eap7-wildfly-discovery
  • *
eap7-jackson-annotations
  • *
eap7-wildfly-http-client
  • *
eap7-jackson-modules-base
  • *
eap7-jackson-modules-java8
  • *
eap7-wildfly-naming-client
  • *
eap7-wildfly-openssl-linux
  • *
eap7-jboss-jsf-api_2.3_spec
  • *
eap7-jboss-server-migration
  • *
eap7-jackson-jaxrs-providers
  • *
eap7-wildfly-transaction-client
  • *
org.wildfly.security/wildfly-elytron
  • *

Matching in nixpkgs

pkgs.reap

Run process until all its spawned processes are dead

pkgs.leaps

Pair programming tool and library written in Golang

  • nixos-unstable -

pkgs.reaper

Digital audio workstation

  • nixos-unstable -

pkgs.teapot

Table Editor And Planner, Or: Teapot

  • nixos-unstable -

pkgs.adreaper

Enumeration tool for Windows Active Directories

  • nixos-unstable -

pkgs.reaper-go

Application security testing framework

  • nixos-unstable -

pkgs.tuleap-cli

Command-line interface for the Tuleap API

  • nixos-unstable -

pkgs.libfreeaptx

Free Implementation of Audio Processing Technology codec (aptX)

  • nixos-unstable -

pkgs.python312Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.python313Packages.deap

Novel evolutionary computation framework for rapid prototyping and testing of ideas

  • nixos-unstable -

pkgs.gnomeExtensions.ideapad-controls

Control Lenovo IdeaPad laptops options: Conservation Mode, Camera Lock, Fn Lock, Touchpad Lock, USB charging

  • nixos-unstable -
    • nixpkgs-unstable 3

Package maintainers