Critical severity 9.8 · NVD Advisory · Published May 12, 2017 · Updated Jun 17, 2026
CVE-2017-7474
Description
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keycloak-connect (npm) | >= 2.5.0, < 3.1.0 | 3.1.0 |
| keycloak-js (npm) | >= 2.5.0, < 3.1.0 | 3.1.0 |
Affected products
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.0:cr1:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:3.0.0:cr1:*:*:*:*:*:*
- ghsa-coords (2 versions)
  - (no CPE) range: >= 2.5.0, < 3.1.0
  - (no CPE) range: >= 2.5.0, < 3.1.0
- Red Hat, Inc. / Keycloak Node.js adapter (v5), range: 2.5 - 3.0
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, VDB Entry, WEB)
- github.com/advisories/GHSA-mw35-24gh-f82w (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-7474 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2017-1203.html (nvd: WEB)