Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1jc1-3gjk-m3bz

Summary

Insufficient Session Expiration
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

Aliases

alias	CVE-2021-3461

alias	GHSA-cm29-6wx7-p874

Fixed_packages

url pkg:alpm/archlinux/keycloak@13.0.1-1

purl pkg:alpm/archlinux/keycloak@13.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1rd-aem6-vfgj

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@13.0.1-1

url pkg:maven/org.keycloak/keycloak-core@10.0.0

purl pkg:maven/org.keycloak/keycloak-core@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-2xyb-g3n4-n3ca

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-49qw-j7rn-qfdf

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-5apu-r7pn-byet

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-7xuf-btg3-ckf6

vulnerability	VCID-c8ps-95au-zbg5

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e85z-cn66-fye8

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-eaaa-ejr9-6ygx

vulnerability	VCID-em5z-nvqy-fucp

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-epys-8p8v-zugv

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gndk-728r-9yh7

vulnerability	VCID-heqp-u355-wyaz

vulnerability	VCID-j1rd-aem6-vfgj

vulnerability	VCID-kp25-fan9-jkd2

vulnerability	VCID-n23y-qjaf-tfcm

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-q38e-e4s5-nkb1

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-t22n-hvrb-67b5

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-yaxc-7za7-zbbe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0

url pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

purl pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xdfe-9zr4-47ax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

url pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

purl pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-psta-4ayh-k7g1

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

url pkg:maven/org.keycloak/keycloak-parent@14.0.0

purl pkg:maven/org.keycloak/keycloak-parent@14.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jpe-awam-wqdz

vulnerability	VCID-7z49-f322-n7g8

vulnerability	VCID-8cmx-d3j7-vqbz

vulnerability	VCID-8zrg-f41g-pqfk

vulnerability	VCID-cabc-jrpz-vuad

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-gndk-728r-9yh7

vulnerability	VCID-jkh6-bvx2-dycm

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u3tj-vmem-jbb9

vulnerability	VCID-umcf-t6w5-juha

vulnerability	VCID-xauc-r9cm-sycu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0

url pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

purl pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-scdf-8m3d-vqff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

url pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

url pkg:maven/org.keycloak/keycloak-services@10.0.0

purl pkg:maven/org.keycloak/keycloak-services@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-2dgp-xdrz-q7dv

vulnerability	VCID-2dgt-7k4f-fyce

vulnerability	VCID-2xyb-g3n4-n3ca

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-3bcu-tbpy-gfg6

vulnerability	VCID-3sh8-6vsc-1uae

vulnerability	VCID-41hy-n7tz-3bee

vulnerability	VCID-44rr-5gtu-bfev

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-5f8r-n4mm-y3g6

vulnerability	VCID-5vwq-aqk5-nkh9

vulnerability	VCID-5zh4-963a-q3gp

vulnerability	VCID-6hy1-r23s-cbhy

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-7c1j-kcbb-v3f1

vulnerability	VCID-83en-fek9-4qd7

vulnerability	VCID-91gs-k267-3kbq

vulnerability	VCID-98yf-g4d3-u3g8

vulnerability	VCID-9wzh-7ych-y7c6

vulnerability	VCID-ajcu-s4zn-63cn

vulnerability	VCID-bhrr-nn9f-7udu

vulnerability	VCID-by72-dvnw-m3gu

vulnerability	VCID-cdsa-wmby-ebbq

vulnerability	VCID-cgf7-vbkd-cua6

vulnerability	VCID-d2rd-6u56-yfd8

vulnerability	VCID-d6ku-ys87-cqh4

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e4ub-v4ef-affb

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-em5z-nvqy-fucp

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-ezqk-pyhr-5ffj

vulnerability	VCID-gndk-728r-9yh7

vulnerability	VCID-gnxr-2t9g-4ye4

vulnerability	VCID-gzz6-md9v-b3em

vulnerability	VCID-htax-rbrs-mbdu

vulnerability	VCID-j4ar-u2rr-qkfu

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-ju1d-vwgb-bqbn

vulnerability	VCID-m3uj-4mag-kbf2

vulnerability	VCID-mku9-3bpp-aqbk

vulnerability	VCID-n76a-pfh2-57bn

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-nxhc-rp71-hbdk

vulnerability	VCID-pjgz-fa5h-tkfh

vulnerability	VCID-qgbq-s33g-d7af

vulnerability	VCID-r5g8-gcss-zuh4

vulnerability	VCID-rrkd-31d4-9yaq

vulnerability	VCID-rssz-yqj9-b7h8

vulnerability	VCID-scdf-8m3d-vqff

vulnerability	VCID-sgbm-r5mm-sbbx

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-uuf2-u7xh-uuef

vulnerability	VCID-v7r6-3873-77dc

vulnerability	VCID-ver5-9t6m-c3ef

vulnerability	VCID-vstv-ec14-quc5

vulnerability	VCID-w5f1-xryr-fucq

vulnerability	VCID-whsx-d6an-hkdm

vulnerability	VCID-x4aw-v76q-vbdc

vulnerability	VCID-xd7x-aevv-cfcp

vulnerability	VCID-xfnw-15sz-zyfr

vulnerability	VCID-xy58-u3se-wfdb

vulnerability	VCID-y1h3-yyn9-53fr

vulnerability	VCID-ysyw-rgyv-bkhj

vulnerability	VCID-z2bw-n4x2-a7gj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-f8mj-85vd-2yh5

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

url pkg:npm/keycloak-connect@10.0.0

purl pkg:npm/keycloak-connect@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0

Affected_packages

url pkg:alpm/archlinux/keycloak@13.0.0-1

purl pkg:alpm/archlinux/keycloak@13.0.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@13.0.0-1

url pkg:maven/org.keycloak/keycloak-core@9.0.13

purl pkg:maven/org.keycloak/keycloak-core@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.13

url pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

purl pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

url pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

purl pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

url pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

purl pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

url pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

purl pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

url pkg:maven/org.keycloak/keycloak-services@9.0.13

purl pkg:maven/org.keycloak/keycloak-services@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.13

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

url pkg:npm/keycloak-connect@9.0.13

purl pkg:npm/keycloak-connect@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.13

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el8sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el8sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

vulnerability	VCID-98yf-g4d3-u3g8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el8sso

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el7sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el7sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

vulnerability	VCID-98yf-g4d3-u3g8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el7sso

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el6sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el6sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jc1-3gjk-m3bz

vulnerability	VCID-98yf-g4d3-u3g8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el6sso

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3461

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16103
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1633
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16127
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16213
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16279
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16261
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16221
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16153
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16087
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16085
published_at	2026-04-01T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16269
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3461

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1941565

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1941565

reference_url

https://github.com/keycloak/keycloak/issues/11203

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/11203

reference_url	https://security.archlinux.org/ASA-202106-19
reference_id	ASA-202106-19
reference_type
scores
url	https://security.archlinux.org/ASA-202106-19

reference_url

https://security.archlinux.org/AVG-1994

reference_id

AVG-1994

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1994

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3461

reference_id

CVE-2021-3461

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3461

reference_url

https://github.com/advisories/GHSA-cm29-6wx7-p874

reference_id

GHSA-cm29-6wx7-p874

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cm29-6wx7-p874

reference_url	https://access.redhat.com/errata/RHSA-2021:2063
reference_id	RHSA-2021:2063
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2063

reference_url	https://access.redhat.com/errata/RHSA-2021:2064
reference_id	RHSA-2021:2064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2064

reference_url	https://access.redhat.com/errata/RHSA-2021:2065
reference_id	RHSA-2021:2065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2065

reference_url	https://access.redhat.com/errata/RHSA-2021:2070
reference_id	RHSA-2021:2070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2070

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jc1-3gjk-m3bz

Vulnerability Instance