CVE-2014-8122
Information disclosure in JBoss Weld
EPSS 0.75%
Description
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
How to fix CVE-2014-8122
To remediate CVE-2014-8122, upgrade the affected package to a fixed version below.
- Maven/org.jboss.weld:weld-core-bom—upgrade to 2.2.8 or later
Is CVE-2014-8122 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.8