org.keycloak:keycloak-themes@2.0.0.Final vulnerabilities

  • latest version

    26.0.7

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    23 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.keycloak:keycloak-themes package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the oob OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.keycloak:keycloak-themes to version 21.0.0 or higher.

    [,21.0.0)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the execute-actions-email endpoint in the admin REST API. Users can inject HTML into emails sent to other users.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.keycloak:keycloak-themes to version 20.0.4 or higher.

    [,20.0.4)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.keycloak:keycloak-themes to version 19.0.2 or higher.

    [,19.0.2)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via loggedInUserName and referrerUri.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.keycloak:keycloak-themes to version 13.0.0 or higher.

    [0,13.0.0)