Skip to content

Information disclosure in JBoss Weld

Moderate severity GitHub Reviewed Published Jun 10, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

maven org.jboss.weld:weld-core-bom (Maven)

Affected versions

< 2.2.8

Patched versions

2.2.8

Description

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

References

Reviewed Jun 10, 2020
Published to the GitHub Advisory Database Jun 10, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(72nd percentile)

Weaknesses

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Learn more on MITRE.

CVE ID

CVE-2014-8122

GHSA ID

GHSA-338v-3958-8v8r

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.