Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.jooby:jooby-pac4j(Maven) | 0 | 2.17.0 | N/A |
| io.jooby:jooby-pac4j(Maven) | 3.0.0.M1 | 3.7.0 | N/A |
CVSS Metrics
