High severityNVD Advisory· Published May 13, 2020· Updated Aug 4, 2024

CVE-2020-1714

Description

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.keycloak:keycloak-coreMaven	< 11.0.0	11.0.0
org.keycloak:keycloak-commonMaven	< 11.0.0	11.0.0

Affected products

ghsa-coords2 versions
pkg:maven/org.keycloak/keycloak-common pkg:maven/org.keycloak/keycloak-core
< 11.0.0+ 1 more
- (no CPE)range: < 11.0.0
- (no CPE)range: < 11.0.0
Red Hat/Keycloakcpe-rescue
Range: before 11.0.0

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-m6mm-q862-j366ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-1714ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fdghsaWEB
github.com/keycloak/keycloak/pull/7053ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000