
Vulnerability_id VCID-1vt4-atrk-7qet
Summary
Keycloak's unvalidated cross-origin messages in checkLoginIframe lead to DDoS
A flaw in Keycloak's "checkLoginIframe" handler accepts cross-origin messages without validating their origin, which enables denial-of-service (DDoS) attacks. Because incoming messages are not checked against an expected origin, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability.
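The weakness described above (CWE-346, Origin Validation Error) is the classic postMessage mistake: a handler that reacts to every message a browser delivers, no matter which origin posted it. The following is an added illustrative example, not Keycloak's own iframe code or its fix. It contrasts a handler with no origin check against one that rejects messages whose origin is not on an allowlist, and drives both with constructed traffic. The allowlist contents, the "clientId sessionId" message shape and the "session-status" reply are assumptions made for the example.

```javascript
// Added illustrative example (not Keycloak's code): a login-status-iframe
// style message handler shown without and with origin validation (CWE-346).
// TRUSTED_ORIGINS, the message format and the reply name are assumptions.

// Origins this deployment trusts to talk to the iframe. Hard-coded here for
// the example; a real deployment would derive it from registered client
// origins rather than a literal list.
const TRUSTED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Vulnerable pattern: every postMessage() from any origin is processed, so
// a page under attacker control can drive the handler as fast as it likes.
function handleMessageUnvalidated(event, state) {
  state.processed += 1;
  return { reply: 'session-status', to: event.origin };
}

// Hardened pattern: drop the message before doing any work unless its
// origin is on the allowlist, then validate the payload shape, and reply
// only to the validated origin (never to '*').
function handleMessageValidated(event, state) {
  // event.origin is the string "null" for opaque origins (file://, sandboxed
  // frames); Set.has() on the allowlist rejects that too.
  if (typeof event.origin !== 'string' || !TRUSTED_ORIGINS.has(event.origin)) {
    state.rejected += 1;
    return null;
  }
  // Assumed payload: "<clientId> <sessionId>" as a single string.
  if (typeof event.data !== 'string' || event.data.split(' ').length < 2) {
    state.rejected += 1;
    return null;
  }
  state.processed += 1;
  return { reply: 'session-status', to: event.origin };
}

// Feed a batch of MessageEvent-like objects to a handler and report how many
// were processed versus rejected.
function runBatch(handler, events) {
  const state = { processed: 0, rejected: 0 };
  for (const ev of events) handler(ev, state);
  return state;
}

// Constructed sample traffic: two legitimate messages followed by a flood
// from an attacker-controlled origin.
function sampleEvents(floodSize) {
  const events = [
    { origin: 'https://app.example.com', data: 'my-client sess-abc' },
    { origin: 'https://admin.example.com', data: 'admin-cli sess-def' },
  ];
  for (let i = 0; i < floodSize; i++) {
    events.push({ origin: 'https://attacker.example', data: `x ${i}` });
  }
  return events;
}

// Stand-alone demo: the unvalidated handler does work for every flood
// message; the validated one processes only the two trusted messages.
console.log('unvalidated:', runBatch(handleMessageUnvalidated, sampleEvents(1000)));
console.log('validated:  ', runBatch(handleMessageValidated, sampleEvents(1000)));
```

The point of the contrast is where the origin check sits: it must run before any state lookup or reply is issued, because the cost of the handler's work is exactly what an attacker amplifies by posting from many origins at once.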
Aliases
0
alias CVE-2024-1249
1
alias GHSA-m6q9-p373-g5q8
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@22.0.10
purl pkg:maven/org.keycloak/keycloak-services@22.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10
1
url pkg:maven/org.keycloak/keycloak-services@24.0.3
purl pkg:maven/org.keycloak/keycloak-services@24.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zh1q-zyar-vqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-services@23.0.0
purl pkg:maven/org.keycloak/keycloak-services@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qmd-pmw8-g7fu
1
vulnerability VCID-1vt4-atrk-7qet
2
vulnerability VCID-2pkm-5t3t-rygs
3
vulnerability VCID-3ese-6dfu-1bhe
4
vulnerability VCID-3rdf-9pec-vua3
5
vulnerability VCID-3xad-4hy6-dkcf
6
vulnerability VCID-4x3a-6k9m-8qha
7
vulnerability VCID-5w6u-h7mk-6qds
8
vulnerability VCID-7eps-984r-effr
9
vulnerability VCID-a1pj-tqgz-rkd7
10
vulnerability VCID-sf7t-yy7r-1ugn
11
vulnerability VCID-tbwr-jys1-9ber
12
vulnerability VCID-zs3j-z2ys-kke5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0
References
0
reference_url https://access.redhat.com/errata/RHSA-2024:1860
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1860
1
reference_url https://access.redhat.com/errata/RHSA-2024:1861
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1861
2
reference_url https://access.redhat.com/errata/RHSA-2024:1862
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1862
3
reference_url https://access.redhat.com/errata/RHSA-2024:1864
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1864
4
reference_url https://access.redhat.com/errata/RHSA-2024:1866
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1866
5
reference_url https://access.redhat.com/errata/RHSA-2024:1867
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1867
6
reference_url https://access.redhat.com/errata/RHSA-2024:1868
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1868
7
reference_url https://access.redhat.com/errata/RHSA-2024:2945
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2945
8
reference_url https://access.redhat.com/errata/RHSA-2024:4057
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4057
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1249
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45997
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1249
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262918
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262918
11
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak
12
reference_url https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
13
reference_url https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
14
reference_url https://access.redhat.com/security/cve/CVE-2024-1249
reference_id CVE-2024-1249
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2024-1249
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1249
reference_id CVE-2024-1249
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-1249
16
reference_url https://github.com/advisories/GHSA-m6q9-p373-g5q8
reference_id GHSA-m6q9-p373-g5q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q9-p373-g5q8
17
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
reference_id GHSA-m6q9-p373-g5q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
Weaknesses
0
cwe_id 346
name Origin Validation Error
description The product does not properly verify that the source of data or communication is valid.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt4-atrk-7qet