Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-core@2.5.1

Type maven

Namespace org.keycloak

Name keycloak-core

Version 2.5.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.5.5

Latest_non_vulnerable_version 26.0.6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-asw1-xz83-tqb3

vulnerability_id VCID-asw1-xz83-tqb3

summary

Information Exposure
It was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_id

reference_type

scores

value	0.00629
scoring_system	epss
scoring_elements	0.70652
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582

reference_url	http://www.securityfocus.com/bid/101046
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101046

reference_url	http://www.securitytracker.com/id/1041707
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041707

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481
reference_id	1410481
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_id

CVE-2017-2582

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_id

GHSA-c77r-6f64-478q

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_url	https://access.redhat.com/errata/RHSA-2017:3216
reference_id	RHSA-2017:3216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3216

reference_url	https://access.redhat.com/errata/RHSA-2017:3217
reference_id	RHSA-2017:3217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3217

reference_url	https://access.redhat.com/errata/RHSA-2017:3218
reference_id	RHSA-2017:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3218

reference_url	https://access.redhat.com/errata/RHSA-2017:3219
reference_id	RHSA-2017:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3219

reference_url	https://access.redhat.com/errata/RHSA-2017:3220
reference_id	RHSA-2017:3220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3220

reference_url	https://access.redhat.com/errata/RHSA-2019:0136
reference_id	RHSA-2019:0136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0136

reference_url	https://access.redhat.com/errata/RHSA-2019:0137
reference_id	RHSA-2019:0137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0137

reference_url	https://access.redhat.com/errata/RHSA-2019:0139
reference_id	RHSA-2019:0139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0139

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

purl pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-mkkw-kxbq-7yhg

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

url	pkg:maven/org.keycloak/keycloak-core@2.5.1
purl	pkg:maven/org.keycloak/keycloak-core@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1

aliases CVE-2017-2582, GHSA-c77r-6f64-478q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asw1-xz83-tqb3

url VCID-ek3f-9qnu-27gv

vulnerability_id VCID-ek3f-9qnu-27gv

summary

Information Exposure
Keycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0876.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0876.html

reference_url

https://access.redhat.com/errata/RHSA-2017:0872

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:0872

reference_url

https://access.redhat.com/errata/RHSA-2017:0873

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:0873

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2585

reference_id

reference_type

scores

value	0.00671
scoring_system	epss
scoring_elements	0.71773
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2585

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1412376

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1412376

reference_url

https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180

reference_url

https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393

reference_url	http://www.securityfocus.com/bid/97393
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97393

reference_url	http://www.securitytracker.com/id/1038180
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2585

reference_id

CVE-2017-2585

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2585

reference_url

https://github.com/advisories/GHSA-w6gv-3r3v-gwgj

reference_id

GHSA-w6gv-3r3v-gwgj

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w6gv-3r3v-gwgj

reference_url	https://access.redhat.com/errata/RHSA-2017:0876
reference_id	RHSA-2017:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0876

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

purl pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-mkkw-kxbq-7yhg

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

url	pkg:maven/org.keycloak/keycloak-core@2.5.1
purl	pkg:maven/org.keycloak/keycloak-core@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1

aliases CVE-2017-2585, GHSA-w6gv-3r3v-gwgj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek3f-9qnu-27gv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1

Package Instance