VYPR

npm package

keycloak-js

pkg:npm/keycloak-js

Vulnerabilities (1)

  • CVE-2017-7474CriMay 12, 2017
    affected >= 2.5.0, < 3.1.0fixed 3.1.0

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.