Apache Deltaspike
By the Year
In 2024 there have been 0 vulnerabilities in Apache Deltaspike . Deltaspike did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Deltaspike vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Deltaspike Security Vulnerabilities
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js
CVE-2019-12416
6.1 - Medium
- March 19, 2020
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.
Injection
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling
CVE-2017-17837
6.1 - Medium
- January 04, 2018
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Deltaspike or by Apache? Click the Watch button to subscribe.
