Maven package
org.keycloak/keycloak-model-infinispan
pkg:maven/org.keycloak/keycloak-model-infinispan
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3637 | — | | | < 14.0.0 | 14.0.0 | Jul 9, 2021 | A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. |
| CVE-2019-14832 | — | | | < 7.0.1 | 7.0.1 | Oct 15, 2019 | A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. |