{"id":4959883,"name":"org.openid4java:openid4java","ecosystem":"maven","description":"OpenID4Java library offers support for OpenID-enabling a consumer site or implementing an OpenID Provider server.","homepage":"http://code.google.com/p/openid4java/","licenses":"Apache 2","normalized_licenses":["Apache-2.0"],"repository_url":"http://openid4java.googlecode.com/svn/trunk/","keywords_array":[],"namespace":"org.openid4java","versions_count":4,"first_release_published_at":"2009-06-16T17:19:54.000Z","latest_release_published_at":"2013-05-13T19:51:32.000Z","latest_release_number":"0.9.8","last_synced_at":"2026-04-27T13:23:57.099Z","created_at":"2022-07-27T07:19:36.654Z","updated_at":"2026-04-27T13:51:42.317Z","registry_url":"https://central.sonatype.com/artifact/org.openid4java/openid4java/","install_command":null,"documentation_url":"https://appdoc.app/artifact/org.openid4java/openid4java/","metadata":{"repositories":["https://oss.sonatype.org/content/repositories/openid4java-snapshots/"],"distribution_repositories":["http://oss.sonatype.org/service/local/staging/deploy/maven2/","http://oss.sonatype.org/content/repositories/openid4java-snapshots/"]},"repo_metadata":{},"repo_metadata_updated_at":"2026-02-12T02:43:01.456Z","dependent_packages_count":47,"downloads":null,"downloads_period":null,"dependent_repos_count":291,"rankings":{"downloads":null,"dependent_repos_count":0.8788170233229142,"dependent_packages_count":1.4075899655365873,"stargazers_count":null,"forks_count":null,"docker_downloads_count":0.4979161657449708,"average":0.9281077182014908},"purl":"pkg:maven/org.openid4java/openid4java","advisories":[{"uuid":"GSA_kwCzR0hTQS1qNDczLWMzcnItcng5cM4AAfU4","url":"https://github.com/advisories/GHSA-j473-c3rr-rx9p","title":"OpenID4Java does not verify that Attribute Exchange (AX) information is signed","description":"message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:15:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-4314","https://issues.jboss.org/browse/JBEPP-1368","https://issues.jboss.org/browse/SOA-3597","http://rhn.redhat.com/errata/RHSA-2012-0441.html","http://rhn.redhat.com/errata/RHSA-2012-0519.html","http://www.openwall.com/lists/oss-security/2011/11/16/1","http://www.openwall.com/lists/oss-security/2011/11/17/1","http://www.redhat.com/support/errata/RHSA-2011-1804.html","http://openid.net/2011/05/05/attribute-exchange-security-alert","https://web.archive.org/web/20201207151157/http://securitytracker.com/id?1026400","https://github.com/advisories/GHSA-j473-c3rr-rx9p"],"source_kind":"github","identifiers":["GHSA-j473-c3rr-rx9p","CVE-2011-4314"],"repository_url":null,"blast_radius":0.0,"created_at":"2025-04-12T03:07:47.300Z","updated_at":"2026-04-27T13:03:11.663Z","epss_percentage":0.00571,"epss_percentile":0.68708,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDczLWMzcnItcng5cM4AAfU4","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qNDczLWMzcnItcng5cM4AAfU4","packages":[{"ecosystem":"maven","package_name":"org.openid4java:openid4java","versions":[{"first_patched_version":"0.9.6","vulnerable_version_range":"\u003c 0.9.6"}],"purl":null,"statistics":{"dependent_packages_count":47,"dependent_repos_count":291,"downloads":null,"downloads_period":null},"affected_versions":["0.9.5"],"unaffected_versions":["0.9.6","0.9.7","0.9.8"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDczLWMzcnItcng5cM4AAfU4/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/org.openid4java:openid4java","docker_dependents_count":45,"docker_downloads_count":86297678,"usage_url":"https://repos.ecosyste.ms/usage/maven/org.openid4java:openid4java","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/org.openid4java:openid4java/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.openid4java:openid4java/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.openid4java:openid4java/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.openid4java:openid4java/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.openid4java:openid4java/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.openid4java:openid4java/codemeta","maintainers":[]}