org.keycloak:keycloak-quarkus-dist@26.2.3 vulnerabilities
latest version
26.4.0
first published
3 years ago
latest version published
26 days ago
licenses detected
- [17.0.0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.keycloak:keycloak-quarkus-dist package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via repeated client-initiated TLS renegotiation requests. An attacker can exhaust server CPU resources by sending multiple renegotiation requests over unauthenticated connections. Note: This issue affects only TLS 1.2 users, TLS 1.3 completely removes support for renegotiation, effectively closing this potential attack vector. How to fix Allocation of Resources Without Limits or Throttling? A fix was pushed into the | [0,) |