Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7eps-984r-effr

Summary

Keycloak vulnerable to log Injection during WebAuthn authentication or registration
A flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection.

Acknowledgements:
Special thanks toTheresa Henze for reporting this issue and helping us improve our security.

Aliases

alias	CVE-2023-6484

alias	GHSA-j628-q885-8gr5

Fixed_packages

url	pkg:maven/org.keycloak/keycloak-services@22.0.9
purl	pkg:maven/org.keycloak/keycloak-services@22.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9

url	pkg:maven/org.keycloak/keycloak-services@23.0.5
purl	pkg:maven/org.keycloak/keycloak-services@23.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5

Affected_packages

url pkg:maven/org.keycloak/keycloak-services@23.0.0

purl pkg:maven/org.keycloak/keycloak-services@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qmd-pmw8-g7fu

vulnerability	VCID-1vt4-atrk-7qet

vulnerability	VCID-2pkm-5t3t-rygs

vulnerability	VCID-3ese-6dfu-1bhe

vulnerability	VCID-3rdf-9pec-vua3

vulnerability	VCID-3xad-4hy6-dkcf

vulnerability	VCID-4x3a-6k9m-8qha

vulnerability	VCID-5w6u-h7mk-6qds

vulnerability	VCID-7eps-984r-effr

vulnerability	VCID-a1pj-tqgz-rkd7

vulnerability	VCID-sf7t-yy7r-1ugn

vulnerability	VCID-tbwr-jys1-9ber

vulnerability	VCID-zs3j-z2ys-kke5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0

References

reference_url	https://access.redhat.com/errata/RHSA-2024:0798
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0798

reference_url	https://access.redhat.com/errata/RHSA-2024:0799
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0799

reference_url	https://access.redhat.com/errata/RHSA-2024:0800
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0800

reference_url	https://access.redhat.com/errata/RHSA-2024:0801
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0801

reference_url	https://access.redhat.com/errata/RHSA-2024:0804
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0804

reference_url	https://access.redhat.com/errata/RHSA-2024:1860
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1860

reference_url	https://access.redhat.com/errata/RHSA-2024:1861
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1861

reference_url	https://access.redhat.com/errata/RHSA-2024:1862
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1862

reference_url	https://access.redhat.com/errata/RHSA-2024:1864
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1864

reference_url	https://access.redhat.com/errata/RHSA-2024:1865
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1865

reference_url	https://access.redhat.com/errata/RHSA-2024:1866
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1866

reference_url	https://access.redhat.com/errata/RHSA-2024:1867
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1867

reference_url	https://access.redhat.com/errata/RHSA-2024:1868
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1868

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6484

reference_id

reference_type

scores

value	0.00596
scoring_system	epss
scoring_elements	0.697
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6484

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2248423
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2248423

reference_url	https://github.com/keycloak/keycloak
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak

reference_url	https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff

reference_url	https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a

reference_url	https://github.com/keycloak/keycloak/issues/25078
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/issues/25078

reference_url	https://access.redhat.com/security/cve/CVE-2023-6484
reference_id	CVE-2023-6484
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-6484

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-6484
reference_id	CVE-2023-6484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-6484

reference_url

https://github.com/advisories/GHSA-j628-q885-8gr5

reference_id

GHSA-j628-q885-8gr5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j628-q885-8gr5

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5

reference_id

GHSA-j628-q885-8gr5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5

Weaknesses

cwe_id	117
name	Improper Output Neutralization for Logs
description	The product does not neutralize or incorrectly neutralizes output that is written to logs.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eps-984r-effr

Vulnerability Instance