Vulnerability	Vulnerable Version
M Open Redirect keycloak-connect is a Identity and Access Management solution for modern Applications and Services. Affected versions of this package are vulnerable to Open Redirect. via the `checkSso` function. `checkSSO` function uses the query param 'prompt=none' when forwarding the request to KeyCloak. This may allow authenticating the user without interaction as long as the user is already authenticated with KeyCloak. Note: This package is deprecated and will be removed in the future. How to fix Open Redirect? Upgrade `keycloak-connect` to version 21.0.1 or higher.	<21.0.1
L Cross-site Scripting (XSS) keycloak-connect is an Identity and Access Management solution for modern Applications and Services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The Keycloak NodeJS adapter did not support `verify-token-audience`. This could result in some users having access to sensitive information outside of their permissions. How to fix Cross-site Scripting (XSS)? Upgrade `keycloak-connect` to version 10.0.0 or higher.	<10.0.0
M Denial of Service (DoS) keycloak-connect is an Identity and Access Management solution for modern Applications and Services. Affected versions of this package are vulnerable to Denial of Service (DoS). The Node.js adapter did not properly verify the web token received from the server. An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. How to fix Denial of Service (DoS)? Upgrade `keycloak-connect` to version 4.4.0 or higher.	<4.4.0

Go back to all versions of this package