You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114 in branch main
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
Vulnerable Package issue exists @ Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114 in branch main
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 54f047f8-7049-4205-83b9-9e21c75dc4c9
Branch: main
Application: Java-Webgoat
Severity: LOW
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-613
Additional Info
Attack vector: PHYSICAL
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 9.4.43.v20210629
References
Advisory
Issue
Pull request
Commit
The text was updated successfully, but these errors were encountered: