Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e4uj-ak3b-gqd6

Summary

Insufficient Session Expiration
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

Aliases

alias	CVE-2021-3461

alias	GHSA-cm29-6wx7-p874

Fixed_packages

url pkg:alpm/archlinux/keycloak@13.0.1-1

purl pkg:alpm/archlinux/keycloak@13.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cxx9-9gwy-xyb6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@13.0.1-1

url pkg:maven/org.keycloak/keycloak-core@10.0.0

purl pkg:maven/org.keycloak/keycloak-core@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-361y-pegm-gqbs

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-7pje-w98s-9ueg

vulnerability	VCID-8jvu-59r6-rygw

vulnerability	VCID-8ze1-r95u-xbg8

vulnerability	VCID-9cgx-nsyr-gyc3

vulnerability	VCID-9wq8-wqya-87dw

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-ch1b-adh9-skah

vulnerability	VCID-crj8-4jaa-yyes

vulnerability	VCID-cxx9-9gwy-xyb6

vulnerability	VCID-d5ev-gcfy-6ke1

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-hxup-rgnc-mqbp

vulnerability	VCID-jbzy-b52n-4kcx

vulnerability	VCID-jm25-gtrc-zuhh

vulnerability	VCID-k6ct-rgvj-t3an

vulnerability	VCID-mwdj-rztg-pfgf

vulnerability	VCID-nkbw-r99s-n3fc

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rhrz-f6tf-tkhu

vulnerability	VCID-vs8q-ywf1-3qa2

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-x4z9-b3qr-fybk

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xvvs-ttw1-wkbt

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zabp-1j4k-9bf8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0

url pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

purl pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.0

url pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

purl pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-fsfu-9hr9-2qcr

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-jpa@10.0.0

url pkg:maven/org.keycloak/keycloak-parent@14.0.0

purl pkg:maven/org.keycloak/keycloak-parent@14.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0

url pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

purl pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-361y-pegm-gqbs

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-jfsk-9epz-t7a8

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core-public@10.0.0

url pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@10.0.0

url pkg:maven/org.keycloak/keycloak-services@10.0.0

purl pkg:maven/org.keycloak/keycloak-services@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12yb-w8kt-jyg3

vulnerability	VCID-1fwh-a287-5qgt

vulnerability	VCID-1u7p-4qg4-yqbv

vulnerability	VCID-2kyy-pzzx-n7gr

vulnerability	VCID-2xg4-ad4r-4kce

vulnerability	VCID-2xvq-t8jp-zfbj

vulnerability	VCID-36v6-qmgy-j3cv

vulnerability	VCID-3adr-h63v-c3eg

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-4hs9-48uu-8qbf

vulnerability	VCID-66zv-ra8w-s3b4

vulnerability	VCID-6dya-2u73-vbee

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-6kbf-zmzu-xbgt

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-7uk5-w4qh-8uhq

vulnerability	VCID-8ekh-fbbj-5yfb

vulnerability	VCID-9jrc-ayvh-e7dk

vulnerability	VCID-asmd-x6cy-dqdt

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-bebk-k27t-4qgf

vulnerability	VCID-bub5-f9wf-57d4

vulnerability	VCID-ch1b-adh9-skah

vulnerability	VCID-cs4b-u9hn-9ugy

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-dckx-y9zp-d7fy

vulnerability	VCID-dgdk-ahqm-9ken

vulnerability	VCID-dt1x-6344-fkda

vulnerability	VCID-dvk9-qsq9-4uc3

vulnerability	VCID-dwgd-79t9-d7a1

vulnerability	VCID-exeg-acrj-zkah

vulnerability	VCID-fkdm-gq5h-rbg7

vulnerability	VCID-g36a-kpzd-3bdf

vulnerability	VCID-ghak-3963-juhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-gv5e-6w51-uydc

vulnerability	VCID-gyv4-k3na-eyhu

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-hxup-rgnc-mqbp

vulnerability	VCID-hzvd-ugxf-9fcd

vulnerability	VCID-j8hz-kys5-z3dr

vulnerability	VCID-jfsk-9epz-t7a8

vulnerability	VCID-jhzk-d1en-gkhj

vulnerability	VCID-jm25-gtrc-zuhh

vulnerability	VCID-jpky-uz5r-gbc8

vulnerability	VCID-jq8s-nkj4-j7h7

vulnerability	VCID-k6ct-rgvj-t3an

vulnerability	VCID-kbc1-6psh-17d8

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-kmna-8rms-2bez

vulnerability	VCID-m24y-x4sk-2yd6

vulnerability	VCID-mt5g-24m9-tfbg

vulnerability	VCID-nw1y-zwsy-auff

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-pr4d-pmh8-yfeh

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-s9bw-xmnt-xqbp

vulnerability	VCID-shsh-c1xa-xbes

vulnerability	VCID-sxtm-krnm-kff7

vulnerability	VCID-tv3h-kxj7-u7ct

vulnerability	VCID-tvba-94zp-t3hc

vulnerability	VCID-u2fq-9cjc-1kf6

vulnerability	VCID-ugpk-g4qu-x3b5

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-uya7-2sk1-6uat

vulnerability	VCID-v69z-xrfn-q3gu

vulnerability	VCID-vdjk-2v9a-xfdk

vulnerability	VCID-vs8q-ywf1-3qa2

vulnerability	VCID-vums-fzus-q7dn

vulnerability	VCID-w6nc-88yg-dkem

vulnerability	VCID-wcb5-wnjf-5uhm

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wxaq-rrqq-pyah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xbmd-afn2-kfem

vulnerability	VCID-xk8n-4az9-zfh3

vulnerability	VCID-xmxb-sg5r-ufbt

vulnerability	VCID-xqks-vfap-aqb5

vulnerability	VCID-xymt-c6mk-73ff

vulnerability	VCID-y5qk-qy59-23hn

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zdyb-dh4t-5kam

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jm25-gtrc-zuhh

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@10.0.0

url pkg:npm/keycloak-connect@10.0.0

purl pkg:npm/keycloak-connect@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-361y-pegm-gqbs

vulnerability	VCID-38u7-pvx6-ayb4

vulnerability	VCID-3ajr-7d59-8ycu

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-6vdm-7hxn-3kh3

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-b7wt-ds9h-9bcu

vulnerability	VCID-crj8-4jaa-yyes

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-e5va-tex4-5yea

vulnerability	VCID-jm25-gtrc-zuhh

vulnerability	VCID-k6ct-rgvj-t3an

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0

Affected_packages

url pkg:alpm/archlinux/keycloak@13.0.0-1

purl pkg:alpm/archlinux/keycloak@13.0.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@13.0.0-1

url pkg:maven/org.keycloak/keycloak-core@9.0.13

purl pkg:maven/org.keycloak/keycloak-core@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.13

url pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

purl pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-infinispan@9.0.13

url pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

purl pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-jpa@9.0.13

url pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

purl pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core-public@9.0.13

url pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

purl pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.13

url pkg:maven/org.keycloak/keycloak-services@9.0.13

purl pkg:maven/org.keycloak/keycloak-services@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.13

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.13

url pkg:npm/keycloak-connect@9.0.13

purl pkg:npm/keycloak-connect@9.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.13

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el7sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el7sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

vulnerability	VCID-g36a-kpzd-3bdf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el7sso

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el8sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el8sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

vulnerability	VCID-g36a-kpzd-3bdf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el8sso

url pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el6sso

purl pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1?arch=el6sso

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e4uj-ak3b-gqd6

vulnerability	VCID-g36a-kpzd-3bdf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.13-1.redhat_00006.1%3Farch=el6sso

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3461

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.1655
published_at	2026-06-05T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16468
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3461

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1941565

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1941565

reference_url

https://github.com/keycloak/keycloak/issues/11203

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/11203

reference_url	https://security.archlinux.org/ASA-202106-19
reference_id	ASA-202106-19
reference_type
scores
url	https://security.archlinux.org/ASA-202106-19

reference_url

https://security.archlinux.org/AVG-1994

reference_id

AVG-1994

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1994

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3461

reference_id

CVE-2021-3461

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3461

reference_url

https://github.com/advisories/GHSA-cm29-6wx7-p874

reference_id

GHSA-cm29-6wx7-p874

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cm29-6wx7-p874

reference_url	https://access.redhat.com/errata/RHSA-2021:2063
reference_id	RHSA-2021:2063
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2063

reference_url	https://access.redhat.com/errata/RHSA-2021:2064
reference_id	RHSA-2021:2064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2064

reference_url	https://access.redhat.com/errata/RHSA-2021:2065
reference_id	RHSA-2021:2065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2065

reference_url	https://access.redhat.com/errata/RHSA-2021:2070
reference_id	RHSA-2021:2070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2070

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4uj-ak3b-gqd6

Vulnerability Instance