VulnerableCode Package Details - pkg:alpm/archlinux/keycloak@12.0.0-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/keycloak@12.0.0-1

Essentials
History (2)

purl	pkg:alpm/archlinux/keycloak@12.0.0-1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-rssz-yqj9-b7h8	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw	CVE-2020-14366 GHSA-cp67-8w3w-6h9c
VCID-t22n-hvrb-67b5	Authentication Bypass in keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.	CVE-2020-27826 GHSA-m9cj-v55f-8x26

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:57.379659+00:00	Arch Linux Importer	Fixing	VCID-t22n-hvrb-67b5	https://security.archlinux.org/AVG-1373	38.0.0
2026-04-01T18:26:56.146413+00:00	Arch Linux Importer	Fixing	VCID-rssz-yqj9-b7h8	https://security.archlinux.org/AVG-1471	38.0.0