VYPR

npm package

keycloak-connect

pkg:npm/keycloak-connect

Vulnerabilities (3)

  • CVE-2022-2237Mar 27, 2023
    affected < 21.0.1fixed 21.0.1

    A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

  • CVE-2019-10157Jun 12, 2019
    affected < 4.8.3fixed 4.8.3

    It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent

  • CVE-2017-7474CriMay 12, 2017
    affected >= 2.5.0, < 3.1.0fixed 3.1.0

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.