GHSA-2mq8-99q7-55wx

Suggest an improvement
Source
https://github.com/advisories/GHSA-2mq8-99q7-55wx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-2mq8-99q7-55wx/GHSA-2mq8-99q7-55wx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2mq8-99q7-55wx
Aliases
Published
2021-05-13T22:29:51Z
Modified
2023-11-08T04:04:35.830362Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Code injection in keycloak
Details

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Database specific
{
    "nvd_published_at": "2021-03-23T17:15:00Z",
    "github_reviewed_at": "2021-03-24T23:54:00Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20",
        "CWE-79"
    ]
}
References

Affected packages

Maven / org.keycloak:keycloak-parent

Package

Name
org.keycloak:keycloak-parent
View open source insights on deps.dev
Purl
pkg:maven/org.keycloak/keycloak-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
12.0.3

Affected versions

9.*

9.0.0
9.0.2
9.0.3

10.*

10.0.0
10.0.1
10.0.2

11.*

11.0.0
11.0.1
11.0.2
11.0.3

12.*

12.0.0
12.0.1
12.0.2