VulnerableCode Package Details - pkg:rpm/redhat/eap8-slf4j@2.0.16-1.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-2zg5-vw4q-tfay Aliases: CVE-2024-8883 GHSA-w8gr-xwp4-r9f7	Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.	There are no reported fixed by versions.
VCID-b7tz-d1mp-q3fz Aliases: CVE-2023-52428 GHSA-gvpg-vgmx-xg6w	Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.	There are no reported fixed by versions.
VCID-em5z-yc89-kyf9 Aliases: CVE-2022-34169 GHSA-9339-86wc-4qgf	OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)	There are no reported fixed by versions.
VCID-rcx8-pg97-8kg4 Aliases: CVE-2024-41172 GHSA-4mgg-fqfq-64hg	Apache CXF allows unrestricted memory consumption in CXF HTTP clients In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory	There are no reported fixed by versions.
VCID-scmu-ekt8-ybc4 Aliases: CVE-2024-4029 GHSA-x7g6-rwhc-g7mj	Wildfly vulnerable to denial of service A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.	There are no reported fixed by versions.
VCID-yr52-8dc6-kqdh Aliases: CVE-2024-8698 GHSA-xgfv-xpx8-qhcr	Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2zg5-vw4q-tfay
Aliases:
CVE-2024-8883
GHSA-w8gr-xwp4-r9f7

Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.