Medium severity6.5GHSA Advisory· Published Jan 14, 2025· Updated Apr 15, 2026
CVE-2024-11734
CVE-2024-11734
Description
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-quarkus-serverMaven | < 26.0.8 | 26.0.8 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:maven/org.keycloak/keycloak-quarkus-server
< 26.0.8-r0+ 8 more
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8-r0
- (no CPE)range: < 26.0.8
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-w3g8-r9gw-qrh8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-11734ghsaADVISORY
- access.redhat.com/errata/RHSA-2025:0299nvdWEB
- access.redhat.com/errata/RHSA-2025:0300nvdWEB
- access.redhat.com/security/cve/CVE-2024-11734nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/keycloak/keycloak/commit/93b2a7327b2557eb132a8169086c5e63c81dff79ghsaWEB
- github.com/keycloak/keycloak/security/advisories/GHSA-w3g8-r9gw-qrh8ghsaWEB
News mentions
0No linked articles in our index yet.