org.keycloak:keycloak-authz-client@3.4.1.CR1 vulnerabilities

  • latest version

    26.0.3

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    26 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.keycloak:keycloak-authz-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Remote Code Execution (RCE)

    org.keycloak:keycloak-authz-client is a client API for Keycloak Authz.

    Affected versions of this package are vulnerable to Remote Code Execution (RCE). A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

    How to fix Remote Code Execution (RCE)?

    Upgrade org.keycloak:keycloak-authz-client to version 8.0.0 or higher.

    [,8.0.0)
    • M
    Information Exposure

    org.keycloak:keycloak-authz-client is the client API for Keycloak Authz.

    Affected versions of this package are vulnerable to Information Exposure. A flaw was found in keycloak where a logged exception in the HttpMethod class may leak the password given as parameter.

    How to fix Information Exposure?

    Upgrade org.keycloak:keycloak-authz-client to version 9.0.0 or higher.

    [,9.0.0)