Moderate severity · NVD Advisory · Published Mar 27, 2023 · Updated Feb 24, 2025
CVE-2022-2237
Description
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keycloak-connect (npm) | < 21.0.1 | 21.0.1 |
Affected products
Patches (1)
190a9470e234 Prevent open redirect when checking SSO
1 file changed · +2 −1
middleware/check-sso.js+2 −1 modified@@ -61,7 +61,8 @@ module.exports = function (keycloak) { delete urlParts.query.auth_callback delete urlParts.query.state - const cleanUrl = URL.format(urlParts) + // Collapse leading slashes to a single slash to prevent open redirects + const cleanUrl = URL.format(urlParts).replace(/^\/+/, '/') // Check SSO process is completed request.session.auth_is_check_sso_complete = true
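Review bot: the hunk in middleware/check-sso.js ships without a regression test (the patch touches 1 file, +2 −1), and the new `.replace(/^\/+/, '/')` only normalises a run of leading forward slashes, so it silently assumes `URL.format(urlParts)` always yields a path-relative string (no `protocol`, `host` or `slashes` set on `urlParts`). Suggest adding a test that feeds a path beginning with `//` through the middleware and asserts the resulting `cleanUrl` starts with a single `/`, and extending the new comment to record that assumption, so a later change to how `urlParts` is built does not reopen the redirect.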
References (5)
- github.com/advisories/GHSA-59fq-727j-hm3f (advisory; via GHSA)
- nvd.nist.gov/vuln/detail/CVE-2022-2237 (advisory; via GHSA)
- bugzilla.redhat.com/show_bug.cgi (web; via GHSA)
- github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21 (web; via GHSA)
- github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f (web; via GHSA)