Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-quarkus-dist@21.0.0

Type maven

Namespace org.keycloak

Name keycloak-quarkus-dist

Version 21.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 26.4.4

Latest_non_vulnerable_version 26.4.4

Affected_by_vulnerabilities

url VCID-187p-eucx-xkbc

vulnerability_id VCID-187p-eucx-xkbc

summary

Keycloak TLS Client-Initiated Renegotiation Denial of Service
Keycloak is vulnerable to a Denial of Service (DoS) attack due to the default JDK setting that permits Client-Initiated Renegotiation in TLS 1.2. An unauthenticated remote attacker can repeatedly initiate TLS renegotiation requests to exhaust server CPU resources, making the service unavailable. Immediate mitigation is available by setting the `-Djdk.tls.rejectClientInitiatedRenegotiation=true` Java system property in the Keycloak startup configuration.

references

reference_url

https://access.redhat.com/errata/RHSA-2025:18254

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://access.redhat.com/errata/RHSA-2025:18254

reference_url

https://access.redhat.com/errata/RHSA-2025:18255

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://access.redhat.com/errata/RHSA-2025:18255

reference_url

https://access.redhat.com/errata/RHSA-2025:18889

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://access.redhat.com/errata/RHSA-2025:18889

reference_url

https://access.redhat.com/errata/RHSA-2025:18890

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://access.redhat.com/errata/RHSA-2025:18890

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11419.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11419.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11419

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28173
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11419

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2402142

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2402142

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/discussions/25209

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://github.com/keycloak/keycloak/discussions/25209

reference_url

https://github.com/keycloak/keycloak/issues/43020

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://github.com/keycloak/keycloak/issues/43020

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
reference_id	cpe:/a:redhat:build_keycloak:26.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id	cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id	cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9

reference_url

https://access.redhat.com/security/cve/CVE-2025-11419

reference_id

CVE-2025-11419

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-23T20:51:23Z/

url

https://access.redhat.com/security/cve/CVE-2025-11419

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-11419

reference_id

CVE-2025-11419

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-11419

reference_url

https://github.com/advisories/GHSA-q8hq-4h99-fj7x

reference_id

GHSA-q8hq-4h99-fj7x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q8hq-4h99-fj7x

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x

reference_id

GHSA-q8hq-4h99-fj7x

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x

fixed_packages

url	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.0.16
purl	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-quarkus-dist@26.0.16

url	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.2.10
purl	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.2.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-quarkus-dist@26.2.10

url pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.1

purl pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wgaj-esqz-27fk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.1

aliases CVE-2025-11419, GHSA-q8hq-4h99-fj7x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-187p-eucx-xkbc

url VCID-wgaj-esqz-27fk

vulnerability_id VCID-wgaj-esqz-27fk

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/errata/RHSA-2025:21370

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://access.redhat.com/errata/RHSA-2025:21370

reference_url

https://access.redhat.com/errata/RHSA-2025:21371

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://access.redhat.com/errata/RHSA-2025:21371

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11538.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11538

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01702
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11538

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2402622

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2402622

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9

reference_url

https://github.com/keycloak/keycloak/pull/43574

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://github.com/keycloak/keycloak/pull/43574

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

https://access.redhat.com/security/cve/CVE-2025-11538

reference_id

CVE-2025-11538

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T18:01:03Z/

url

https://access.redhat.com/security/cve/CVE-2025-11538

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-11538

reference_id

CVE-2025-11538

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-11538

reference_url

https://github.com/advisories/GHSA-7m9g-pmxf-m9m8

reference_id

GHSA-7m9g-pmxf-m9m8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7m9g-pmxf-m9m8

reference_url

https://github.com/advisories/GHSA-j4vq-q93m-4683

reference_id

GHSA-j4vq-q93m-4683

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j4vq-q93m-4683

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-j4vq-q93m-4683

reference_id

GHSA-j4vq-q93m-4683

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-j4vq-q93m-4683

fixed_packages

url	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.4
purl	pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-quarkus-dist@26.4.4

aliases CVE-2025-11538, GHSA-7m9g-pmxf-m9m8, GHSA-j4vq-q93m-4683

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgaj-esqz-27fk

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-quarkus-dist@21.0.0

Package Instance