VulnerableCode Package Details - pkg:rpm/redhat/rh-sso7@1-4?arch=el7sso

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rh-sso7@1-4?arch=el7sso

Essentials
History (2)

purl	pkg:rpm/redhat/rh-sso7@1-4?arch=el7sso

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-em5z-nvqy-fucp Aliases: CVE-2021-3856 GHSA-3w4v-rvc4-2xpw	Keycloak has Files or Directories Accessible to External Parties ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.	There are no reported fixed by versions.
VCID-zh9y-6uac-53c6 Aliases: CVE-2022-0839 GHSA-jvfv-hrrc-6q72	Improper Restriction of XML External Entity Reference in Liquibase The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:01:18.404875+00:00	RedHat Importer	Affected by	VCID-em5z-nvqy-fucp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json	38.0.0
2026-04-01T14:00:29.386518+00:00	RedHat Importer	Affected by	VCID-zh9y-6uac-53c6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0839.json	38.0.0