org.keycloak:keycloak-core@21.1.2 vulnerabilities
-
latest version
26.0.4
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
21 days ago
-
licenses detected
- [1.0-alpha-1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.keycloak:keycloak-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.keycloak:keycloak-core is an open source identity and access management solution. Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the extended validation period of How to fix Use of a Key Past its Expiration Date? Upgrade |
[,24.0.7)
[25.0.0,25.0.4)
|
org.keycloak:keycloak-core is an open source identity and access management solution. Affected versions of this package are vulnerable to Improper Handling of Extra Values due to the lack of limitation on the number of attributes per object. An attacker can cause resource exhaustion by sending repeated HTTP requests that result in the application sending back rows with long attribute values. How to fix Improper Handling of Extra Values? Upgrade |
[0,24.0.0)
|
org.keycloak:keycloak-core is an open source identity and access management solution. Affected versions of this package are vulnerable to Unprotected Transport of Credentials for the LDAP testing endpoint, which allows the modification of the How to fix Unprotected Transport of Credentials? Upgrade |
[,24.0.6)
[25.0.0,25.0.1)
|