{"id":"CVE-2019-12416","details":"we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.","aliases":["GHSA-rhg5-fqr3-hrf5"],"modified":"2026-05-30T10:51:09.595732Z","published":"2020-03-19T15:15:12.933Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r848d7d4c0bf637da55f01103eb8ba0fce344c295fda53264cbaa1568%40%3Ccommits.camel.apache.org%3E"},{"type":"EVIDENCE","url":"https://lists.apache.org/thread.html/r8f327712b2b07f867fde1e77cbafcf8cc6a3facaa693ffdd2c3285e3%40%3Cdev.deltaspike.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/deltaspike","events":[{"introduced":"0"},{"last_affected":"da1a02f3fc5ed4f20679256c8b5918c6edaa9280"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.9.2"}],"cpe":"cpe:2.3:a:apache:deltaspike:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["deltaspike-1.9.2","deltaspike-1.9.1","deltaspike-1.9.0","deltaspike-1.8.1","deltaspike-1.8.0","deltaspike-1.7.2","deltaspike-1.7.1","deltaspike-1.5.4","deltaspike-1.5.3","deltaspike-1.5.2","deltaspike-1.5.1","deltaspike-1.5.0","deltaspike-1.4.2","deltaspike-1.4.1","deltaspike-project-1.2.1","deltaspike-project-1.1.0","deltaspike-project-1.0.3","deltaspike-project-1.0.2","deltaspike-project-1.0.1","deltaspike-project-1.0.0","deltaspike-project-0.6","deltaspike-project-0.5","deltaspike-project-0.4","deltaspike-project-0.3-incubating","deltaspike-project-0.2-incubating"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12416.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}