Redhat: >> Wildfly >> 16.0.0 Security Vulnerabilities
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
CVSS Score
5.4
EPSS Score
0.012
Published
2019-05-03
Page 2