{"url":"http://public2.vulnerablecode.io/api/packages/68187?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.0","type":"maven","namespace":"org.keycloak","name":"keycloak-core","version":"23.0.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"23.0.4","latest_non_vulnerable_version":"23.0.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46659?format=json","vulnerability_id":"VCID-k6ct-rgvj-t3an","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nA flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673"},{"reference_url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-6134"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134"},{"reference_url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68187?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0"}],"aliases":["CVE-2023-6134","GHSA-cvg2-7c3j-g36j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ct-rgvj-t3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46902?format=json","vulnerability_id":"VCID-xbkp-kjgd-fqcx","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68187?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0"}