2019-09-23 22:13:04
snyk
PUBLISHED
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNGs algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.