CVE-2019-10158

CRITICAL9.8EPSS 0.51%

Improper implementation of the session fixation protection in Infinispan

Published: 1/21/2020Modified: 2/20/2024

Description

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Affected packages (1)

Maven/org.infinispan:infinispan-corefrom 0, < 9.4.15.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10158
PATCHhttps://github.com/infinispan/infinispan
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158
WEBhttps://github.com/infinispan/infinispan/commit/4b381c5910265972ccaabefbdbd16a2b929f6b72
WEBhttps://github.com/infinispan/infinispan/commits/9.4.15.Final
WEBhttps://github.com/infinispan/infinispan/pull/6960
WEBhttps://github.com/infinispan/infinispan/pull/7025
WEBhttps://github.com/infinispan/infinispan/pull/7043
WEBhttps://security.netapp.com/advisory/ntap-20231227-0009