CVE-2015-0201: Insufficiently random session id in Java SockJS client

March 10, 2015 (updated March 11, 2015)

The Java SockJS client in this package generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

References

pivotal.io/security/cve-2015-0201
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201

Code Behaviors & Features

Detect and mitigate CVE-2015-0201 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →