| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.wildfly.core:wildfly-server | maven | < 16.0.1.Final | 16.0.1.Final |
| org.wildfly.core:wildfly-server | maven | >= 17.0.0.Beta2, < 17.0.0.Beta3 | 17.0.0.Beta3 |
The vulnerability stems from improper sensitivity classification of vault expressions in attributes that contain more than one expression. The commit diff shows that the patched version replaced the original two-step check (a match against ExpressionResolver.EXPRESSION_PATTERN, followed by a match against VaultReader.STANDARD_VAULT_PATTERN) with a single comprehensive regex (VAULT_EXPRESSION_PATTERN) that scans the entire attribute value. The test case added in VaultExpressionSensitivityTestCase.java demonstrates how, before the patch, a vault expression placed alongside other content in the same attribute value escaped classification as sensitive. The pre-patch logic of isSensitiveValue failed to detect a vault expression whenever it was not the sole expression in the attribute, which makes it the vulnerable function.
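To make the two classification strategies concrete, the following added example (not code from the WildFly project) reconstructs the logic in Python. The regular expressions, the "take the first `${...}` expression" step in the pre-patch function, and the sample attribute values are assumptions modelled on the description above, not the project's actual patterns or test data. It shows why a vault expression that follows another expression in the same value is missed by the two-step check but caught by a single pattern applied to the whole value.

```python
import re

# Assumed approximations of the two patterns used by the pre-patch check
# (not the real WildFly constants).
EXPRESSION_PATTERN = re.compile(r".*\$\{.*\}.*")          # "value contains ${...}"
STANDARD_VAULT_PATTERN = re.compile(r"VAULT::.*::.*::.*")  # vault expression body

# Assumed approximation of the single pattern introduced by the patch:
# it scans the whole value for a vault expression anywhere in it.
VAULT_EXPRESSION_PATTERN = re.compile(r".*\$\{VAULT::.*::.*::.*\}.*")


def is_sensitive_value_before(value: str) -> bool:
    """Two-step check as assumed for the pre-patch logic.

    Step 1: does the value contain an expression at all?
    Step 2: does the *first* expression body look like a vault expression?
    Only the first ${...} is inspected, so a vault expression that comes
    after another expression is never examined.
    """
    if not EXPRESSION_PATTERN.fullmatch(value):
        return False
    start = value.index("${") + 2
    end = value.index("}", start)   # EXPRESSION_PATTERN guarantees a '}' exists here
    first_expression = value[start:end]
    return STANDARD_VAULT_PATTERN.fullmatch(first_expression) is not None


def is_sensitive_value_after(value: str) -> bool:
    """Single-regex check as assumed for the patched logic.

    The whole value is matched, so a vault expression is detected no matter
    how many other expressions or literal fragments surround it.
    """
    return VAULT_EXPRESSION_PATTERN.fullmatch(value) is not None


def classify(values):
    """Return {value: (pre_patch_result, post_patch_result)} for each input."""
    return {v: (is_sensitive_value_before(v), is_sensitive_value_after(v)) for v in values}


# Constructed sample attribute values (no real vault blocks or attributes).
SAMPLE_VALUES = [
    "${VAULT::ds::password::1}",                 # sole vault expression
    "jdbc:${VAULT::ds::password::1}?ssl",        # vault expression first, with literal text
    "${env.PREFIX}${VAULT::ds::password::1}",    # vault expression after another expression
    "${env.PREFIX}",                             # ordinary expression, not sensitive
    "plain-text",                                # no expression at all
]

if __name__ == "__main__":
    for value, (before, after) in classify(SAMPLE_VALUES).items():
        print(f"{value!r:45} pre-patch={before!s:5} post-patch={after}")
```

The third sample value is the interesting one: the two-step check stops at `env.PREFIX`, reports the value as not sensitive, and the vault expression is never looked at, whereas the whole-value pattern flags it. The pre-patch function also demonstrates the general lesson that classifying a value by inspecting only its first token is unsafe when the format permits several tokens per value.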