Description
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API.
dom4j: XML External Entity vulnerability in default SAX parser.
wildfly-elytron: session fixation when using FORM authentication.
wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests.
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution.
hibernate-core: hibernate: SQL injection issue in Hibernate ORM.
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans.
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution.
undertow: EAP: field-name is not parsed in accordance with RFC 7230.
hibernate-validator: Improper input validation in the interpolation of constraint error messages.
wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain.
wildfly: Some EJB transaction objects may accumulate, causing Denial of Service.