Lookup for vulnerable packages by Package URL.

Purl: pkg:npm/keycloak-connect@0.0.0
Type: npm
Namespace:
Name: keycloak-connect
Version: 0.0.0
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 2.5.1
Latest_non_vulnerable_version: 23.0.0
Affected_by_vulnerabilities:

  0:
    url: VCID-b7wt-ds9h-9bcu
    vulnerability_id: VCID-b7wt-ds9h-9bcu
    summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
      A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
    references (reference_type and scores are empty for every entry; url equals reference_url):
      0: https://access.redhat.com/errata/RHSA-2023:1043
      1: https://access.redhat.com/errata/RHSA-2023:1044
      2: https://access.redhat.com/errata/RHSA-2023:1045
      3: https://access.redhat.com/errata/RHSA-2023:1049
      4: https://bugzilla.redhat.com/show_bug.cgi?id=2148496
      5: https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
      6: https://github.com/keycloak/keycloak/pull/16774
      7: https://access.redhat.com/security/cve/CVE-2022-4137 (reference_id: CVE-2022-4137)
      8: https://nvd.nist.gov/vuln/detail/CVE-2022-4137 (reference_id: CVE-2022-4137)
      9: https://github.com/advisories/GHSA-9hhc-pj4w-w5rv (reference_id: GHSA-9hhc-pj4w-w5rv)
      10: https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv (reference_id: GHSA-9hhc-pj4w-w5rv)
    fixed_packages:
    aliases: CVE-2022-4137, GHSA-9hhc-pj4w-w5rv, GMS-2023-616
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-b7wt-ds9h-9bcu
  1:
    url: VCID-e5va-tex4-5yea
    vulnerability_id: VCID-e5va-tex4-5yea
    summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
      A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
    references (reference_type and scores are empty for every entry; url equals reference_url):
      0: https://access.redhat.com/errata/RHSA-2023:1043
      1: https://access.redhat.com/errata/RHSA-2023:1044
      2: https://access.redhat.com/errata/RHSA-2023:1045
      3: https://access.redhat.com/errata/RHSA-2023:1047
      4: https://access.redhat.com/errata/RHSA-2023:1049
      5: https://bugzilla.redhat.com/show_bug.cgi?id=2031904
      6: https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
      7: https://access.redhat.com/security/cve/cve-2022-1438 (reference_id: CVE-2022-1438)
      8: https://access.redhat.com/security/cve/CVE-2022-1438 (reference_id: CVE-2022-1438)
      9: https://nvd.nist.gov/vuln/detail/CVE-2022-1438 (reference_id: CVE-2022-1438)
      10: https://github.com/advisories/GHSA-w354-2f3c-qvg9 (reference_id: GHSA-w354-2f3c-qvg9)
      11: https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9 (reference_id: GHSA-w354-2f3c-qvg9)
    fixed_packages:
    aliases: CVE-2022-1438, GHSA-w354-2f3c-qvg9, GMS-2023-529
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-e5va-tex4-5yea
Fixing_vulnerabilities:
Risk_score: null
Resource_url: http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@0.0.0