CVE-2021-3642: Observable Discrepancy

May 24, 2022 (updated June 22, 2022)

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

References

bugzilla.redhat.com/show_bug.cgi?id=1981407
github.com/advisories/GHSA-5499-qjvh-6j7w
nvd.nist.gov/vuln/detail/CVE-2021-3642

Detect and mitigate CVE-2021-3642 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →