GHSA-338v-3958-8v8r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-338v-3958-8v8r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-338v-3958-8v8r/GHSA-338v-3958-8v8r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-338v-3958-8v8r
- Aliases
-
- CVE-2014-8122
- Published
- 2020-06-10T20:54:15Z
- Modified
- 2024-12-02T05:49:23.971670Z
- Summary
- Information disclosure in JBoss Weld
- Details
-
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-362" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-10T20:53:46Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-8122
- https://github.com/weld/core/commit/29fd1107fd30579ad9bb23fae4dc3ba464205745
- https://github.com/weld/core/commit/6808b11cd6d97c71a2eed754ed4f955acd789086
- https://github.com/weld/core/commit/8e413202fa1af08c09c580f444e4fd16874f9c65
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100892
- https://github.com/victims/victims-cve-db/blob/master/database/java/2014/8122.yaml
- https://github.com/weld/core
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0773.html
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- http://www.securityfocus.com/bid/74252
- http://www.securitytracker.com/id/1031741
Affected packages
Maven / org.jboss.weld:weld-core-bom
Package
- Name
- org.jboss.weld:weld-core-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.weld/weld-core-bom
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.8
Affected versions
1.*
1.0.0-CR1
1.0.0-CR1-SP1
1.0.0
1.0.0-SP3
1.0.0-SP4
1.0.1-CR1
1.0.1-CR2
1.0.1-Final
1.0.1-SP1
1.0.1-SP2
1.0.1-SP3
1.0.1-SP4
1.1.0-01-glassfish
1.1.0.Beta1
1.1.0.Beta2
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.1.2.AS7
1.1.3.SP1
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.5.AS71.Final
1.1.6.Final
1.1.7.Final
1.1.8.Final
1.1.9.Final
1.1.10.Final
1.1.11.Final
1.1.12.Final
1.1.13.Final
1.1.14.Final
1.1.15.Final
1.1.16.Final
1.1.17.SP2
1.1.17.SP3
1.1.17.Final
1.1.18.Final
1.1.19.Final
1.1.20.Final
1.1.21.Final
1.1.22.Final
1.1.23.Final
1.1.24.Final
1.1.25.Final
1.1.26.Final
1.1.27.Final
1.1.28.Final
1.1.29.Final
1.1.30.Final
1.1.31.Final
1.1.32.Final
1.1.33.Final
1.1.34.Final
1.2.0.Beta1
2.*
2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Beta1
2.0.0.Beta2
2.0.0.Beta3
2.0.0.Beta4
2.0.0.Beta5
2.0.0.Beta6
2.0.0.Beta7
2.0.0.Beta8
2.0.0.CR1
2.0.0.CR2
2.0.0.CR3
2.0.0.CR4
2.0.0.SP1
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.1.0.Alpha1
2.1.0.Beta1
2.1.0.Beta2
2.1.0.CR1
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.2.0.Alpha1
2.2.0.Alpha2
2.2.0.Beta1
2.2.0.Beta2
2.2.0.CR1
2.2.0.CR2
2.2.0.SP1
2.2.0.SP2
2.2.0.Final
2.2.1.Final
2.2.2.Final
2.2.3.Final
2.2.4.Final
2.2.5.Final
2.2.6.Final
2.2.7.Final