Known Vulnerabilities for products from PAC4J
Listed below are 4 of the newest known vulnerabilities associated with the vendor "PAC4J".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40459 json | PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax in... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-40458 json | PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, ... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-29000 json | Not Provided | 2026-03-04 | 2026-03-11 | |
| CVE-2021-44878 json | If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does n... | 7.5 - HIGH | 2022-01-06 | 2022-05-13 |
| CVE-2019-10755 json | The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils clas... | 4.9 - MEDIUM | 2019-09-23 | 2019-09-24 |
Known software with vulnerabilities from PAC4J
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pac4j | Pac4j | 1.4.0 |