Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk:Medium] Flyway Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')(due on 09/16/2024) #5878

Closed
1 task done
pkfec opened this issue Jun 20, 2024 · 1 comment
Closed
1 task done

[Snyk:Medium] Flyway Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')(due on 09/16/2024) #5878

pkfec opened this issue Jun 20, 2024 · 1 comment
Assignees
@fec-jli
Labels
Security: moderate Remediate within 60 days

Comments

@pkfec
Copy link
Contributor

pkfec commented Jun 20, 2024
edited by cnlucas
Loading

Overview

Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

Introduced through:

unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.12.0 › com.microsoft.azure:msal4j@1.13.8

Completion criteria:

  • upgrade flyway to latest version
@pkfec pkfec added the Security: moderate Remediate within 60 days label Jun 20, 2024
@pkfec pkfec mentioned this issue Jun 20, 2024
Closed
3 tasks
This was referenced Jun 26, 2024
Closed
Closed
@cnlucas
Copy link
Member

cnlucas commented Sep 9, 2024

This was remediated by #5939

@cnlucas cnlucas closed this as completed Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fec-jli fec-jli

Labels
Security: moderate Remediate within 60 days
Projects
Website project
Status: ✅ Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pkfec @fec-jli @cnlucas