Advisories for Maven/Org.jgroups/Jgroups package

2016

Authorization bypass in JGroups

JGroups does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

2013

Authentication via cached credentials

The DiagnosticsHandler in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.