org.keycloak:keycloak-parent@4.4.0.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-parent package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [H] Brute Force

Affected versions of this package are vulnerable to Brute Force. When TOTP is enabled, an improper implementation of the brute force detection algorithm means its protection measures are not enforced.

How to fix Brute Force?

Upgrade org.keycloak:keycloak-parent to version 4.6.0.Final or higher.

Vulnerable versions: [4.2.1.Final,4.6.0.Final)
  • [L] Information Exposure

Affected versions of this package are vulnerable to Information Exposure. An attacker can use the change email function in the account settings to carry out an account enumeration attack.

How to fix Information Exposure?

There is no fixed version for org.keycloak:keycloak-parent.

Vulnerable versions: [0,)