
Vulnerability_id VCID-dd3n-vx2q-b3b8
Summary
Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of [GHSA-wf7g-7h6h-678v](https://github.com/advisories/GHSA-wf7g-7h6h-678v). This link is maintained to preserve external references.

## Original Description
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
Aliases
0
alias GHSA-q2gp-gph3-88x9
Fixed_packages
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-saml-core@19.0.1
purl pkg:maven/org.keycloak/keycloak-saml-core@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dd3n-vx2q-b3b8
1
vulnerability VCID-qcj1-m1ga-9qh1
2
vulnerability VCID-xd7x-aevv-cfcp
3
vulnerability VCID-z76m-nbap-v7ab
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@19.0.1
References
0
reference_url https://access.redhat.com/security/cve/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-2668
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
4
reference_url https://github.com/advisories/GHSA-q2gp-gph3-88x9
reference_id GHSA-q2gp-gph3-88x9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2gp-gph3-88x9
Weaknesses
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dd3n-vx2q-b3b8