Redhat: >> Keycloak >> 10.0.1 Security Vulnerabilities
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-09-16
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-09-16
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
CVSS Score
7.5
EPSS Score
0.022
Published
2020-05-13
Page 4