Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kj7x-2shm-fqh1
Summary
Improper Authentication
A vulnerability was found in Keycloak: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, valid or invalid, will be accepted.
Aliases
0
alias CVE-2019-14909
1
alias GHSA-fv4q-wm8c-wjg4
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@8.0.0
purl pkg:maven/org.keycloak/keycloak-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-7662-z35s-9qeq
3
vulnerability VCID-8sqn-nkzx-euec
4
vulnerability VCID-9kte-cfz7-hqa3
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-gr2e-ntp4-9fdg
7
vulnerability VCID-hr92-2apu-abg5
8
vulnerability VCID-kfxs-f5j7-mfhu
9
vulnerability VCID-ku7s-gnhp-a3du
10
vulnerability VCID-qjhb-ubp5-ukdy
11
vulnerability VCID-rb4v-3kux-4fas
12
vulnerability VCID-rt61-271c-nkgk
13
vulnerability VCID-t8wj-9vkr-hbc6
14
vulnerability VCID-wq2e-1xds-3qah
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y36z-qpqd-37cs
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0
1
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-parent@7.0
purl pkg:maven/org.keycloak/keycloak-parent@7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kj7x-2shm-fqh1
1
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0
1
url pkg:maven/org.keycloak/keycloak-parent@7.0.0
purl pkg:maven/org.keycloak/keycloak-parent@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hr92-2apu-abg5
10
vulnerability VCID-kfxs-f5j7-mfhu
11
vulnerability VCID-kj7x-2shm-fqh1
12
vulnerability VCID-ku7s-gnhp-a3du
13
vulnerability VCID-qjhb-ubp5-ukdy
14
vulnerability VCID-rb4v-3kux-4fas
15
vulnerability VCID-rt61-271c-nkgk
16
vulnerability VCID-t8wj-9vkr-hbc6
17
vulnerability VCID-wq2e-1xds-3qah
18
vulnerability VCID-xbkp-kjgd-fqcx
19
vulnerability VCID-xghp-f8g9-akhn
20
vulnerability VCID-y36z-qpqd-37cs
21
vulnerability VCID-y9de-4w6u-abfa
22
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0.0
2
url pkg:maven/org.keycloak/keycloak-parent@7.0.1
purl pkg:maven/org.keycloak/keycloak-parent@7.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hr92-2apu-abg5
10
vulnerability VCID-kfxs-f5j7-mfhu
11
vulnerability VCID-kj7x-2shm-fqh1
12
vulnerability VCID-ku7s-gnhp-a3du
13
vulnerability VCID-qjhb-ubp5-ukdy
14
vulnerability VCID-rb4v-3kux-4fas
15
vulnerability VCID-rt61-271c-nkgk
16
vulnerability VCID-t8wj-9vkr-hbc6
17
vulnerability VCID-wq2e-1xds-3qah
18
vulnerability VCID-xbkp-kjgd-fqcx
19
vulnerability VCID-xghp-f8g9-akhn
20
vulnerability VCID-y36z-qpqd-37cs
21
vulnerability VCID-y9de-4w6u-abfa
22
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0.1
3
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-cwqj-tnbj-3ubh
11
vulnerability VCID-dc8s-fqv5-1uhk
12
vulnerability VCID-dx7u-4d6j-cfee
13
vulnerability VCID-e5va-tex4-5yea
14
vulnerability VCID-jm25-gtrc-zuhh
15
vulnerability VCID-k6ct-rgvj-t3an
16
vulnerability VCID-kj7x-2shm-fqh1
17
vulnerability VCID-p1cj-f4de-1qc4
18
vulnerability VCID-rt61-271c-nkgk
19
vulnerability VCID-wgzd-wv2e-pyhy
20
vulnerability VCID-wt2c-cyu2-kbgm
21
vulnerability VCID-wuh8-4akm-2uae
22
vulnerability VCID-x24y-5nan-efg3
23
vulnerability VCID-xbkp-kjgd-fqcx
24
vulnerability VCID-xghp-f8g9-akhn
25
vulnerability VCID-y9de-4w6u-abfa
26
vulnerability VCID-zfgf-9455-d3fe
27
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
4
url pkg:npm/keycloak-connect@7.0.1
purl pkg:npm/keycloak-connect@7.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-97sj-h6z5-gqcj
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-b7wt-ds9h-9bcu
10
vulnerability VCID-crj8-4jaa-yyes
11
vulnerability VCID-cwqj-tnbj-3ubh
12
vulnerability VCID-dc8s-fqv5-1uhk
13
vulnerability VCID-e5va-tex4-5yea
14
vulnerability VCID-jm25-gtrc-zuhh
15
vulnerability VCID-k6ct-rgvj-t3an
16
vulnerability VCID-kj7x-2shm-fqh1
17
vulnerability VCID-p1cj-f4de-1qc4
18
vulnerability VCID-rt61-271c-nkgk
19
vulnerability VCID-wgzd-wv2e-pyhy
20
vulnerability VCID-wt2c-cyu2-kbgm
21
vulnerability VCID-wuh8-4akm-2uae
22
vulnerability VCID-x24y-5nan-efg3
23
vulnerability VCID-xbkp-kjgd-fqcx
24
vulnerability VCID-xghp-f8g9-akhn
25
vulnerability VCID-y9de-4w6u-abfa
26
vulnerability VCID-zfgf-9455-d3fe
27
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14909.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14909.json
1
reference_url https://access.redhat.com/security/cve/cve-2019-14909
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2019-14909
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14909
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52681
published_at 2026-06-07T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52677
published_at 2026-06-09T12:55:00Z
2
value 0.0029
scoring_system epss
scoring_elements 0.52654
published_at 2026-06-08T12:55:00Z
3
value 0.0029
scoring_system epss
scoring_elements 0.52633
published_at 2026-06-04T12:55:00Z
4
value 0.0029
scoring_system epss
scoring_elements 0.52692
published_at 2026-06-05T12:55:00Z
5
value 0.0029
scoring_system epss
scoring_elements 0.52699
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14909
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778259
reference_id 1778259
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778259
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14909
reference_id CVE-2019-14909
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14909
7
reference_url https://github.com/advisories/GHSA-fv4q-wm8c-wjg4
reference_id GHSA-fv4q-wm8c-wjg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv4q-wm8c-wjg4
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 306
name Missing Authentication for Critical Function
description The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
4
cwe_id 305
name Authentication Bypass by Primary Weakness
description The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Exploits
Severity_range_score 7.0 - 9.3
Exploitability 0.5
Weighted_severity 8.4
Risk_score 4.2
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj7x-2shm-fqh1