Search for packages
Package details: pkg:alpm/archlinux/keycloak@12.0.2-1
purl pkg:alpm/archlinux/keycloak@12.0.2-1
Next non-vulnerable version 12.0.3-1
Latest non-vulnerable version 16.0.0-1
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-x3t2-vuap-aaaq
Aliases:
CVE-2021-20195
GHSA-q6w2-89hq-hq27
Cross-site scripting in keycloak
12.0.3-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-q9y4-889z-aaaa Server-Side Request Forgery (SSRF) A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. CVE-2020-10770
GHSA-jh7q-5mwf-qvhw

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:44.374795+00:00 Arch Linux Importer Fixing VCID-q9y4-889z-aaaa https://security.archlinux.org/AVG-1577 36.0.0
2025-03-28T07:45:44.311874+00:00 Arch Linux Importer Affected by VCID-x3t2-vuap-aaaq https://security.archlinux.org/AVG-1578 36.0.0
2024-10-07T16:08:19.995692+00:00 Arch Linux Importer Affected by VCID-x3t2-vuap-aaaq https://security.archlinux.org/AVG-1578 34.0.2
2024-09-18T02:02:05.227151+00:00 Arch Linux Importer Fixing VCID-q9y4-889z-aaaa https://security.archlinux.org/AVG-1577 34.0.1
2024-09-18T02:00:44.753482+00:00 Arch Linux Importer Affected by VCID-x3t2-vuap-aaaq https://security.archlinux.org/AVG-1578 34.0.1
2024-06-10T13:08:00.268441+00:00 Arch Linux Importer Affected by VCID-x3t2-vuap-aaaq https://security.archlinux.org/AVG-1578 34.0.0rc4
2024-01-03T22:28:07.739417+00:00 Arch Linux Importer Fixing VCID-q9y4-889z-aaaa https://security.archlinux.org/AVG-1577 34.0.0rc1
2024-01-03T22:27:02.701905+00:00 Arch Linux Importer Affected by VCID-x3t2-vuap-aaaq https://security.archlinux.org/AVG-1578 34.0.0rc1