[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-12369":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":341,"aliases":342,"duplicate_of":9,"upstream":344,"downstream":345,"duplicates":350,"related":351,"reserved_at":9,"published_at":356,"modified_at":357,"state":358,"summary":359,"references_raw":368,"kevs":430,"epss":431,"epss_history":434,"metrics":695,"affected":704},"CVE-2024-12369","A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-345","Insufficient Verification of Data Authenticity","The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","weakness","Draft","Class",[19,23,76,88,109,113,117,121,125,129,133,337],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-148","Content Spoofing",[92],{"id":93,"name":94,"tactics":95,"countermeasures":99},"T1491","Defacement",[96],{"id":97,"name":98},"TA0105","Impact",[100,105],{"id":101,"name":102,"tactic":103},"D3-DNR","Decoy Network Resource",{"name":104},"Deceive",{"id":106,"name":107,"tactic":108},"D3-NRAM","Network Resource Access Mediation",{"name":75},{"id":110,"name":111,"techniques":112},"CAPEC-218","Spoofing of UDDI/ebXML Messages",[],{"id":114,"name":115,"techniques":116},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":118,"name":119,"techniques":120},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":122,"name":123,"techniques":124},"CAPEC-386","Application API Navigation Remapping",[],{"id":126,"name":127,"techniques":128},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":130,"name":131,"techniques":132},"CAPEC-388","Application API Button Hijacking",[],{"id":134,"name":135,"techniques":136},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[137,173,213],{"id":138,"name":139,"tactics":140,"countermeasures":147},"T1211","Exploitation for Stealth",[141,144],{"id":142,"name":143},"TA0030","Defense Evasion",{"id":145,"name":146},"TA0005","Stealth",[148,152,156,160,165,169],{"id":149,"name":150,"tactic":151},"D3-MBT","Memory Boundary Tracking",{"name":42},{"id":153,"name":154,"tactic":155},"D3-PCSV","Process Code Segment Verification",{"name":42},{"id":157,"name":158,"tactic":159},"D3-SSC","Shadow Stack Comparisons",{"name":42},{"id":161,"name":162,"tactic":163},"D3-PSEP","Process Segment Execution Prevention",{"name":164},"Harden",{"id":166,"name":167,"tactic":168},"D3-SAOR","Segment Address Offset Randomization",{"name":164},{"id":170,"name":171,"tactic":172},"D3-SFCV","Stack Frame Canary Validation",{"name":164},{"id":174,"name":175,"tactics":176,"countermeasures":182},"T1542.002","Component Firmware",[177,178,179],{"id":142,"name":143},{"id":145,"name":146},{"id":180,"name":181},"TA0110","Persistence",[183,188,192,196,200,204,208],{"id":184,"name":185,"tactic":186},"D3-SWI","Software Inventory",{"name":187},"Model",{"id":189,"name":190,"tactic":191},"D3-AVE","Asset Vulnerability Enumeration",{"name":187},{"id":193,"name":194,"tactic":195},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":42},{"id":197,"name":198,"tactic":199},"D3-FV","Firmware Verification",{"name":42},{"id":201,"name":202,"tactic":203},"D3-FBA","Firmware Behavior Analysis",{"name":42},{"id":205,"name":206,"tactic":207},"D3-SU","Software Update",{"name":164},{"id":209,"name":210,"tactic":211},"D3-RS","Restore Software",{"name":212},"Restore",{"id":214,"name":215,"tactics":216,"countermeasures":223},"T1556","Modify Authentication Process",[217,218,221,222],{"id":142,"name":143},{"id":219,"name":220},"TA0112","Defense Impairment",{"id":180,"name":181},{"id":32,"name":33},[224,228,232,236,240,244,248,252,256,260,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333],{"id":225,"name":226,"tactic":227},"D3-CI","Configuration Inventory",{"name":187},{"id":229,"name":230,"tactic":231},"D3-NTPM","Network Traffic Policy Mapping",{"name":187},{"id":233,"name":234,"tactic":235},"D3-AM","Access Modeling",{"name":187},{"id":237,"name":238,"tactic":239},"D3-FA","File Analysis",{"name":42},{"id":241,"name":242,"tactic":243},"D3-FIM","File Integrity Monitoring",{"name":42},{"id":245,"name":246,"tactic":247},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":249,"name":250,"tactic":251},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":253,"name":254,"tactic":255},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":257,"name":258,"tactic":259},"D3-SFA","System File Analysis",{"name":42},{"id":261,"name":262,"tactic":263},"D3-FEV","File Eviction",{"name":264},"Evict",{"id":266,"name":267,"tactic":268},"D3-PT","Process Termination",{"name":264},{"id":270,"name":271,"tactic":272},"D3-PS","Process Suspension",{"name":264},{"id":274,"name":275,"tactic":276},"D3-HR","Host Reboot",{"name":264},{"id":278,"name":279,"tactic":280},"D3-HS","Host Shutdown",{"name":264},{"id":282,"name":283,"tactic":284},"D3-DF","Decoy File",{"name":104},{"id":286,"name":287,"tactic":288},"D3-FE","File Encryption",{"name":164},{"id":290,"name":291,"tactic":292},"D3-RF","Restore File",{"name":212},{"id":294,"name":295,"tactic":296},"D3-RC","Restore Configuration",{"name":212},{"id":298,"name":299,"tactic":300},"D3-CF","Content Filtering",{"name":75},{"id":302,"name":303,"tactic":304},"D3-LFP","Local File Permissions",{"name":75},{"id":306,"name":307,"tactic":308},"D3-RFAM","Remote File Access Mediation",{"name":75},{"id":310,"name":311,"tactic":312},"D3-CQ","Content Quarantine",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CM","Content Modification",{"name":75},{"id":318,"name":319,"tactic":320},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":322,"name":323,"tactic":324},"D3-SCF","System Call Filtering",{"name":75},{"id":326,"name":327,"tactic":328},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":330,"name":331,"tactic":332},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":338,"name":339,"techniques":340},"CAPEC-701","Browser in the Middle (BiTM)",[],[],[343],"GHSA-5565-3c98-g6jc",[],[346,348],{"_key":347},"RHSA-2025:3989",{"_key":349},"RHSA-2025:3990",[],[352,354],{"_key":353},"CGA-HF6H-4WJH-FPVQ",{"_key":355},"CGA-F92M-W235-5WG6","2024-12-09T20:53:09.260Z","2026-04-30T13:27:28.260Z","Deferred",{"cisa_kev":360,"cisa_ransomware":360,"cisa_vendor":9,"epss_severity":361,"epss_score":362,"severity":363,"severity_score":364,"severity_version":365,"severity_source":366,"severity_vector":367,"severity_status":358},false,"low",0.00121,"medium",4.2,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",[369,376,380,384,391,396,400,404,408,412,416,421,426],{"url":370,"sources":371,"tags":373},"https://access.redhat.com/errata/RHSA-2025:3989",[366,372],"nvd",[374,375],"Vendor Advisory","X Refsource REDHAT",{"url":377,"sources":378,"tags":379},"https://access.redhat.com/errata/RHSA-2025:3990",[366,372],[374,375],{"url":381,"sources":382,"tags":383},"https://access.redhat.com/errata/RHSA-2025:3992",[366,372],[374,375],{"url":385,"sources":386,"tags":388},"https://access.redhat.com/security/cve/CVE-2024-12369",[366,372,387],"osv_maven",[389,375,390],"VDB Entry","WEB",{"url":392,"sources":393,"tags":394},"https://bugzilla.redhat.com/show_bug.cgi?id=2331178",[366,372,387],[395,375,390],"Issue Tracking",{"url":397,"sources":398,"tags":399},"https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb",[366,372,387],[390],{"url":401,"sources":402,"tags":403},"https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb",[366,372,387],[390],{"url":405,"sources":406,"tags":407},"https://github.com/wildfly-security/wildfly-elytron/pull/2253",[366,372,387],[390],{"url":409,"sources":410,"tags":411},"https://github.com/wildfly-security/wildfly-elytron/pull/2261",[366,372,387],[390],{"url":413,"sources":414,"tags":415},"https://github.com/wildfly-security/wildfly-elytron/security/advisories/GHSA-5565-3c98-g6jc",[387],[390],{"url":417,"sources":418,"tags":419},"https://nvd.nist.gov/vuln/detail/CVE-2024-12369",[387],[420],"Advisory",{"url":422,"sources":423,"tags":424},"https://github.com/wildfly-security/wildfly-elytron",[387],[425],"PACKAGE",{"url":427,"sources":428,"tags":429},"https://issues.redhat.com/browse/ELY-2887",[387],[390],[],{"date":432,"score":362,"percentile":433},"2026-06-04",0.30643,[435,439,442,445,448,451,454,457,460,463,466,469,472,474,477,481,484,487,490,493,496,499,501,504,507,510,513,516,519,522,524,527,530,532,535,538,541,543,546,549,552,555,558,561,564,567,570,573,576,579,582,584,587,590,593,596,598,601,603,606,609,612,615,618,621,623,625,627,629,632,635,638,640,642,645,649,652,655,658,661,664,667,670,673,676,680,683,686,689,692],{"date":436,"score":437,"percentile":438},"2025-11-04",0.0014,0.34742,{"date":440,"score":437,"percentile":441},"2025-11-05",0.34731,{"date":443,"score":437,"percentile":444},"2025-11-06",0.34729,{"date":446,"score":437,"percentile":447},"2025-11-07",0.34751,{"date":449,"score":437,"percentile":450},"2025-11-08",0.34744,{"date":452,"score":437,"percentile":453},"2025-11-09",0.34727,{"date":455,"score":437,"percentile":456},"2025-11-10",0.34674,{"date":458,"score":437,"percentile":459},"2025-11-11",0.34703,{"date":461,"score":437,"percentile":462},"2025-11-12",0.34746,{"date":464,"score":437,"percentile":465},"2025-11-13",0.34762,{"date":467,"score":437,"percentile":468},"2025-11-14",0.34769,{"date":470,"score":437,"percentile":471},"2025-11-15",0.34768,{"date":473,"score":437,"percentile":438},"2025-11-16",{"date":475,"score":437,"percentile":476},"2025-11-17",0.34718,{"date":478,"score":479,"percentile":480},"2025-11-18",0.00226,0.41512,{"date":482,"score":479,"percentile":483},"2025-11-19",0.41529,{"date":485,"score":479,"percentile":486},"2025-11-20",0.41539,{"date":488,"score":437,"percentile":489},"2025-11-21",0.34756,{"date":491,"score":437,"percentile":492},"2025-11-22",0.34759,{"date":494,"score":437,"percentile":495},"2025-11-23",0.34726,{"date":497,"score":437,"percentile":498},"2025-11-24",0.34701,{"date":500,"score":437,"percentile":498},"2025-11-25",{"date":502,"score":437,"percentile":503},"2025-11-26",0.347,{"date":505,"score":437,"percentile":506},"2025-11-27",0.34711,{"date":508,"score":437,"percentile":509},"2025-11-28",0.3469,{"date":511,"score":437,"percentile":512},"2025-11-29",0.34671,{"date":514,"score":437,"percentile":515},"2025-11-30",0.34649,{"date":517,"score":437,"percentile":518},"2025-12-01",0.3475,{"date":520,"score":437,"percentile":521},"2025-12-02",0.3476,{"date":523,"score":437,"percentile":492},"2025-12-03",{"date":525,"score":437,"percentile":526},"2025-12-04",0.34648,{"date":528,"score":437,"percentile":529},"2025-12-05",0.34678,{"date":531,"score":437,"percentile":529},"2025-12-06",{"date":533,"score":437,"percentile":534},"2025-12-07",0.34652,{"date":536,"score":437,"percentile":537},"2025-12-08",0.34664,{"date":539,"score":437,"percentile":540},"2025-12-09",0.34704,{"date":542,"score":437,"percentile":447},"2025-12-10",{"date":544,"score":437,"percentile":545},"2025-12-11",0.34773,{"date":547,"score":437,"percentile":548},"2025-12-12",0.34803,{"date":550,"score":437,"percentile":551},"2025-12-13",0.34785,{"date":553,"score":437,"percentile":554},"2025-12-14",0.34757,{"date":556,"score":437,"percentile":557},"2025-12-15",0.34715,{"date":559,"score":437,"percentile":560},"2025-12-16",0.3474,{"date":562,"score":437,"percentile":563},"2025-12-17",0.34792,{"date":565,"score":437,"percentile":566},"2025-12-18",0.34839,{"date":568,"score":437,"percentile":569},"2025-12-19",0.34861,{"date":571,"score":437,"percentile":572},"2025-12-20",0.34843,{"date":574,"score":437,"percentile":575},"2025-12-21",0.34786,{"date":577,"score":437,"percentile":578},"2025-12-22",0.34758,{"date":580,"score":437,"percentile":581},"2025-12-23",0.34753,{"date":583,"score":437,"percentile":450},"2025-12-24",{"date":585,"score":437,"percentile":586},"2025-12-25",0.34807,{"date":588,"score":437,"percentile":589},"2025-12-26",0.3479,{"date":591,"score":437,"percentile":592},"2025-12-27",0.34802,{"date":594,"score":437,"percentile":595},"2025-12-28",0.34706,{"date":597,"score":437,"percentile":512},"2025-12-29",{"date":599,"score":437,"percentile":600},"2025-12-30",0.34662,{"date":602,"score":437,"percentile":557},"2025-12-31",{"date":604,"score":437,"percentile":605},"2026-01-01",0.34867,{"date":607,"score":437,"percentile":608},"2026-01-02",0.34858,{"date":610,"score":437,"percentile":611},"2026-01-03",0.34841,{"date":613,"score":437,"percentile":614},"2026-01-04",0.34692,{"date":616,"score":437,"percentile":617},"2026-01-05",0.34676,{"date":619,"score":437,"percentile":620},"2026-01-06",0.34688,{"date":622,"score":437,"percentile":540},"2026-01-07",{"date":624,"score":437,"percentile":441},"2026-01-08",{"date":626,"score":437,"percentile":495},"2026-01-09",{"date":628,"score":437,"percentile":441},"2026-01-10",{"date":630,"score":437,"percentile":631},"2026-01-11",0.34712,{"date":633,"score":437,"percentile":634},"2026-01-12",0.34653,{"date":636,"score":437,"percentile":637},"2026-01-13",0.34635,{"date":639,"score":437,"percentile":456},"2026-01-14",{"date":641,"score":437,"percentile":537},"2026-01-15",{"date":643,"score":437,"percentile":644},"2026-01-16",0.34681,{"date":646,"score":647,"percentile":648},"2026-01-17",0.00197,0.41817,{"date":650,"score":647,"percentile":651},"2026-01-18",0.41785,{"date":653,"score":647,"percentile":654},"2026-01-19",0.41755,{"date":656,"score":647,"percentile":657},"2026-01-20",0.41744,{"date":659,"score":647,"percentile":660},"2026-01-21",0.41746,{"date":662,"score":647,"percentile":663},"2026-01-22",0.41739,{"date":665,"score":647,"percentile":666},"2026-01-23",0.41799,{"date":668,"score":647,"percentile":669},"2026-01-24",0.41809,{"date":671,"score":647,"percentile":672},"2026-01-25",0.41758,{"date":674,"score":647,"percentile":675},"2026-01-26",0.41714,{"date":677,"score":678,"percentile":679},"2026-01-27",0.00308,0.53519,{"date":681,"score":678,"percentile":682},"2026-01-28",0.53537,{"date":684,"score":678,"percentile":685},"2026-01-29",0.53532,{"date":687,"score":678,"percentile":688},"2026-01-30",0.53535,{"date":690,"score":678,"percentile":691},"2026-01-31",0.53543,{"date":693,"score":678,"percentile":694},"2026-02-01",0.5368,[696,700,702],{"source":366,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":697,"cvss_v4_0":9},{"baseScore":364,"baseSeverity":698,"vectorString":367,"impactScore":364,"exploitabilityScore":699},"MEDIUM",4.1,{"source":372,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":701,"cvss_v4_0":9},{"baseScore":364,"baseSeverity":698,"vectorString":367,"impactScore":364,"exploitabilityScore":699},{"source":387,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":703,"cvss_v4_0":9},{"baseScore":364,"baseSeverity":9,"vectorString":367,"impactScore":364,"exploitabilityScore":699},[705,724],{"ecosystem":706,"name":707,"vendor":708,"product":709,"cpe_part":9,"purl_type":710,"purl_namespace":708,"purl_name":709,"source":9,"versions":711},"Maven","org.wildfly.security:wildfly-elytron","org.wildfly.security","wildfly-elytron","maven",[712,720],{"version":713,"is_range":714,"range_type":715,"version_start":716,"version_start_type":717,"version_end":718,"version_end_type":719,"fixed_in":9},"gte1_17_0_Final_lt2_2_9_Final",true,"ecosystem","1.17.0.Final","including","2.2.9.Final","excluding",{"version":721,"is_range":714,"range_type":715,"version_start":722,"version_start_type":717,"version_end":723,"version_end_type":719,"fixed_in":9},"gte2_3_0_Final_lt2_6_2_Final","2.3.0.Final","2.6.2.Final",{"ecosystem":706,"name":725,"vendor":708,"product":726,"cpe_part":9,"purl_type":710,"purl_namespace":708,"purl_name":726,"source":9,"versions":727},"org.wildfly.security:wildfly-elytron-http-oidc","wildfly-elytron-http-oidc",[728,729],{"version":713,"is_range":714,"range_type":715,"version_start":716,"version_start_type":717,"version_end":718,"version_end_type":719,"fixed_in":9},{"version":721,"is_range":714,"range_type":715,"version_start":722,"version_start_type":717,"version_end":723,"version_end_type":719,"fixed_in":9}]