Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/keycloak-auth-utils@3.0.0

Type npm

Namespace

Name keycloak-auth-utils

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.1.0

Latest_non_vulnerable_version 3.1.0

Affected_by_vulnerabilities

url VCID-nrkd-axgr-qyej

vulnerability_id VCID-nrkd-axgr-qyej

summary

Improper Validation of Certificate Expiration
Keycloak does not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-1203.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-1203.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1445271
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1445271

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7474
reference_id	CVE-2017-7474
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7474

reference_url	https://github.com/advisories/GHSA-mw35-24gh-f82w
reference_id	GHSA-mw35-24gh-f82w
reference_type
scores
url	https://github.com/advisories/GHSA-mw35-24gh-f82w

fixed_packages

url	pkg:npm/keycloak-auth-utils@3.1.0
purl	pkg:npm/keycloak-auth-utils@3.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-auth-utils@3.1.0

aliases CVE-2017-7474, GHSA-mw35-24gh-f82w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrkd-axgr-qyej

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-auth-utils@3.0.0

Package Instance