VYPR
Medium severity6.5GHSA Advisory· Published Jan 14, 2025· Updated Apr 15, 2026

CVE-2024-11734

CVE-2024-11734

Description

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-quarkus-serverMaven
< 26.0.826.0.8

Affected products

10

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.