Look up vulnerable packages by Package URL.

GET /api/packages/69810?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
    "type": "maven",
    "namespace": "org.keycloak",
    "name": "keycloak-services",
    "version": "24.0.3",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "26.0.0",
    "latest_non_vulnerable_version": "26.5.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47508?format=api",
            "vulnerability_id": "VCID-2kyy-pzzx-n7gr",
            "summary": "Keycloak vulnerable to impersonation via logout token exchange\nKeycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1867"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1868"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0657",
                    "reference_id": "CVE-2023-0657",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/security/cve/CVE-2023-0657"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657",
                    "reference_id": "CVE-2023-0657",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh",
                    "reference_id": "GHSA-7fpj-9hr8-28vh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh",
                    "reference_id": "GHSA-7fpj-9hr8-28vh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2023-0657",
                "GHSA-7fpj-9hr8-28vh"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kyy-pzzx-n7gr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47518?format=api",
            "vulnerability_id": "VCID-2xvq-t8jp-zfbj",
            "summary": "Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow\nKeycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).\n\nAllowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.",
            "references": [
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717",
                    "reference_id": "CVE-2023-6717",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q",
                    "reference_id": "GHSA-8rmm-gm28-pj8q",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q",
                    "reference_id": "GHSA-8rmm-gm28-pj8q",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2023-6717",
                "GHSA-8rmm-gm28-pj8q"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xvq-t8jp-zfbj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47514?format=api",
            "vulnerability_id": "VCID-dt1x-6344-fkda",
            "summary": "Keycloak Authorization Bypass vulnerability\nDue to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.",
            "references": [
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544",
                    "reference_id": "CVE-2023-6544",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-46c8-635v-68r2",
                    "reference_id": "GHSA-46c8-635v-68r2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-46c8-635v-68r2"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2",
                    "reference_id": "GHSA-46c8-635v-68r2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2023-6544",
                "GHSA-46c8-635v-68r2"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dt1x-6344-fkda"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47516?format=api",
            "vulnerability_id": "VCID-ghak-3963-juhk",
            "summary": "Keycloak path traversal vulnerability in the redirect validation\nAn issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2419",
                    "reference_id": "CVE-2024-2419",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/security/cve/CVE-2024-2419"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419",
                    "reference_id": "CVE-2024-2419",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5",
                    "reference_id": "GHSA-mrv8-pqfj-7gp5",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5",
                    "reference_id": "GHSA-mrv8-pqfj-7gp5",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2024-2419",
                "GHSA-mrv8-pqfj-7gp5"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghak-3963-juhk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47512?format=api",
            "vulnerability_id": "VCID-kbc1-6psh-17d8",
            "summary": "Keycloak path transversal vulnerability in redirection validation\nA flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1860"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1861"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1862"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1864"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1866"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1867"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1868"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1132",
                    "reference_id": "CVE-2024-1132",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
                    "reference_id": "CVE-2024-1132",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm",
                    "reference_id": "GHSA-72vp-xfrc-42xm",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm",
                    "reference_id": "GHSA-72vp-xfrc-42xm",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2024-1132",
                "GHSA-72vp-xfrc-42xm"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbc1-6psh-17d8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47510?format=api",
            "vulnerability_id": "VCID-mt5g-24m9-tfbg",
            "summary": "Keycloak vulnerable to session hijacking via re-authentication\nA flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter his credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1867"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1868"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6787",
                    "reference_id": "CVE-2023-6787",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787",
                    "reference_id": "CVE-2023-6787",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj",
                    "reference_id": "GHSA-c9h6-v78w-52wj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj",
                    "reference_id": "GHSA-c9h6-v78w-52wj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2023-6787",
                "GHSA-c9h6-v78w-52wj"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt5g-24m9-tfbg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47506?format=api",
            "vulnerability_id": "VCID-uya7-2sk1-6uat",
            "summary": "Keycloak secondary factor bypass in step-up authentication\nKeycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.",
            "references": [
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597",
                    "reference_id": "CVE-2023-3597",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4",
                    "reference_id": "GHSA-4f53-xh3v-g8x4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4",
                    "reference_id": "GHSA-4f53-xh3v-g8x4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2023-3597",
                "GHSA-4f53-xh3v-g8x4"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uya7-2sk1-6uat"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47509?format=api",
            "vulnerability_id": "VCID-y5qk-qy59-23hn",
            "summary": "Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS\nA potential security flaw in the \"checkLoginIframe\" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1860"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1861"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1862"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1864"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1866"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1867"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2024:1868"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak"
                },
                {
                    "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1249",
                    "reference_id": "CVE-2024-1249",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/security/cve/CVE-2024-1249"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249",
                    "reference_id": "CVE-2024-1249",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8",
                    "reference_id": "GHSA-m6q9-p373-g5q8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8"
                },
                {
                    "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8",
                    "reference_id": "GHSA-m6q9-p373-g5q8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api",
                    "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
                }
            ],
            "aliases": [
                "CVE-2024-1249",
                "GHSA-m6q9-p373-g5q8"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5qk-qy59-23hn"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"
}