Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-hagn-q75r-xfhs
Summary
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cvg2-7c3j-g36j. This link is maintained to preserve external references.

## Original Description
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
Aliases
0
alias GHSA-5968-qw33-h47j
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@23.0.3
purl pkg:maven/org.keycloak/keycloak-services@23.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-2dgt-7k4f-fyce
2
vulnerability VCID-3sh8-6vsc-1uae
3
vulnerability VCID-41hy-n7tz-3bee
4
vulnerability VCID-5f8r-n4mm-y3g6
5
vulnerability VCID-5vwq-aqk5-nkh9
6
vulnerability VCID-5zh4-963a-q3gp
7
vulnerability VCID-6hy1-r23s-cbhy
8
vulnerability VCID-7c1j-kcbb-v3f1
9
vulnerability VCID-91gs-k267-3kbq
10
vulnerability VCID-9wzh-7ych-y7c6
11
vulnerability VCID-ajcu-s4zn-63cn
12
vulnerability VCID-bhrr-nn9f-7udu
13
vulnerability VCID-by72-dvnw-m3gu
14
vulnerability VCID-cdsa-wmby-ebbq
15
vulnerability VCID-cgf7-vbkd-cua6
16
vulnerability VCID-d2rd-6u56-yfd8
17
vulnerability VCID-d6ku-ys87-cqh4
18
vulnerability VCID-e4ub-v4ef-affb
19
vulnerability VCID-ezqk-pyhr-5ffj
20
vulnerability VCID-gnxr-2t9g-4ye4
21
vulnerability VCID-gzz6-md9v-b3em
22
vulnerability VCID-htax-rbrs-mbdu
23
vulnerability VCID-j4ar-u2rr-qkfu
24
vulnerability VCID-ju1d-vwgb-bqbn
25
vulnerability VCID-m3uj-4mag-kbf2
26
vulnerability VCID-mku9-3bpp-aqbk
27
vulnerability VCID-n76a-pfh2-57bn
28
vulnerability VCID-nxhc-rp71-hbdk
29
vulnerability VCID-pjgz-fa5h-tkfh
30
vulnerability VCID-qgbq-s33g-d7af
31
vulnerability VCID-sgbm-r5mm-sbbx
32
vulnerability VCID-uuf2-u7xh-uuef
33
vulnerability VCID-v7r6-3873-77dc
34
vulnerability VCID-ver5-9t6m-c3ef
35
vulnerability VCID-vstv-ec14-quc5
36
vulnerability VCID-w5f1-xryr-fucq
37
vulnerability VCID-whsx-d6an-hkdm
38
vulnerability VCID-x4aw-v76q-vbdc
39
vulnerability VCID-xd7x-aevv-cfcp
40
vulnerability VCID-xfnw-15sz-zyfr
41
vulnerability VCID-y1h3-yyn9-53fr
42
vulnerability VCID-ysyw-rgyv-bkhj
43
vulnerability VCID-z2bw-n4x2-a7gj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3
Affected_packages
References
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
8
reference_url https://access.redhat.com/security/cve/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6134
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
10
reference_url https://github.com/advisories/GHSA-5968-qw33-h47j
reference_id GHSA-5968-qw33-h47j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5968-qw33-h47j
Weaknesses
0
cwe_id 75
name Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
description The product does not adequately filter user-controlled input for special elements with control implications.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-hagn-q75r-xfhs