org.keycloak:keycloak-parent@4.3.0.Final vulnerabilities

  • latest version

    26.0.7

  • first published

    11 years ago

  • latest version published

    20 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.keycloak:keycloak-parent package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Brute Force

    Affected versions of this package are vulnerable to Brute Force. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm fails to enforce its protection measures.

    How to fix Brute Force?

    Upgrade org.keycloak:keycloak-parent to version 4.6.0.Final or higher.

    [4.2.1.Final,4.6.0.Final)
    • L
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure. An attacker can use the change email function in the account settings to carry out an account enumeration attack.

    How to fix Information Exposure?

    There is no fixed version for org.keycloak:keycloak-parent.

    [0,)