Origin Validation Error The advisory has been revoked - it doesn't affect any version of package eap7-jackson-modules-base  (opens in a new tab)


Threat Intelligence

EPSS
0.2% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-EAP7JACKSONMODULESBASE-10501589
  • published26 Jun 2025
  • disclosed16 Apr 2024

Introduced: 16 Apr 2024

CVE-2024-1249  (opens in a new tab)
CWE-346  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream eap7-jackson-modules-base package and not the eap7-jackson-modules-base package as distributed by RHEL.

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.