keycloak-connect@11.0.2

Keycloak Connect Middleware

  • latest version

    26.1.1

  • latest non-vulnerable version

  • first published

    11 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the keycloak-connect package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Open Redirect

    keycloak-connect is an Identity and Access Management solution for modern Applications and Services.

    Affected versions of this package are vulnerable to Open Redirect via the checkSso function. The checkSso function uses the query param 'prompt=none' when forwarding the request to Keycloak. This may allow authenticating the user without interaction as long as the user is already authenticated with Keycloak.

    Note: This package is deprecated and will be removed in the future.

    How to fix Open Redirect?

    Upgrade keycloak-connect to version 21.0.1 or higher.

    <21.0.1