org.jgroups:jgroups

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jgroups:jgroupspage 1 of 1

CVE-2013-4112NONECVSS 0.0✓ Fixed in 3.3.3.Final
2013-09-28
vulnerable: 3.3.0.Final, 3.3.1.Final, 3.3.2.Final
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
CVE-2016-2141CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.2.16.Final
2016-06-30
vulnerable: 2.10.0.CR1 ... 3.2.9.Final (78 versions)
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive …

Check whether org.jgroups:jgroups is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jgroups:jgroups CVEs against the assets you own.

Start Free Scan →