Description
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1)
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)
WordPress Plugin WP Easy Gallery Cross-Site Scripting (4.1.4)
WordPress Plugin Booking.com Product Helper Unspecified Vulnerability (1.0.3)