VYPR

Maven package

org.keycloak/keycloak-model-infinispan

pkg:maven/org.keycloak/keycloak-model-infinispan

Vulnerabilities (2)

  • CVE-2021-3637Jul 9, 2021
    affected < 14.0.0fixed 14.0.0

    A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

  • CVE-2019-14832Oct 15, 2019
    affected < 7.0.1fixed 7.0.1

    A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.