VulnerableCode Package Details - pkg:alpm/archlinux/keycloak@11.0.3-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/keycloak@11.0.3-1

Essentials
History (2)

purl	pkg:alpm/archlinux/keycloak@11.0.3-1

Next non-vulnerable version	12.0.0-1
Latest non-vulnerable version	16.0.0-1
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-rssz-yqj9-b7h8 Aliases: CVE-2020-14366 GHSA-cp67-8w3w-6h9c	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw	12.0.0-1 Affected by 0 other vulnerabilities.
VCID-t22n-hvrb-67b5 Aliases: CVE-2020-27826 GHSA-m9cj-v55f-8x26	Authentication Bypass in keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.	12.0.0-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:57.375740+00:00	Arch Linux Importer	Affected by	VCID-t22n-hvrb-67b5	https://security.archlinux.org/AVG-1373	38.0.0
2026-04-01T18:26:56.141881+00:00	Arch Linux Importer	Affected by	VCID-rssz-yqj9-b7h8	https://security.archlinux.org/AVG-1471	38.0.0