VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-model-jpa@21.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-s711-x8ae-aaaj	An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	CVE-2023-6563 GHSA-54f3-c6hg-865h

Vulnerability

Summary

Aliases

VCID-s711-x8ae-aaaj

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

CVE-2023-6563
GHSA-54f3-c6hg-865h

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.382727+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.3
2025-06-20T16:49:39.088325+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.3
2025-06-03T23:29:00.861594+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.0
2025-06-03T23:27:09.895218+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.0
2025-06-02T23:26:40.540996+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.2
2025-06-02T23:24:45.985302+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.2
2025-04-03T21:52:45.781662+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.0.0
2025-04-03T21:48:35.547644+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.0.0
2025-02-18T03:44:09.826581+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.1.0
2025-02-18T01:06:38.034749+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.1.0
2024-11-21T01:01:01.067100+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.0.0
2024-11-20T23:31:17.273564+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.0.0
2024-11-19T00:49:38.568354+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.3.2
2024-11-18T23:20:26.878703+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.3.2
2024-10-15T19:21:03.226662+00:00	GithubOSV Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-54f3-c6hg-865h/GHSA-54f3-c6hg-865h.json	34.0.2
2024-10-08T01:21:23.909795+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.2
2024-10-08T00:17:34.519939+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.2
2024-10-07T21:52:23.287540+00:00	GHSA Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.2
2024-09-23T00:31:32.680868+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.1
2024-09-18T09:23:08.460569+00:00	GithubOSV Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-54f3-c6hg-865h/GHSA-54f3-c6hg-865h.json	34.0.1
2024-09-17T22:41:41.585380+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.1
2024-09-17T22:01:31.872166+00:00	GHSA Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.1
2024-05-17T21:07:19.292331+00:00	GHSA Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc4
2024-04-24T03:59:21.008627+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.0rc4
2024-04-24T02:42:35.320693+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.0rc4
2024-04-23T23:15:09.812389+00:00	GithubOSV Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-54f3-c6hg-865h/GHSA-54f3-c6hg-865h.json	34.0.0rc4
2024-01-14T15:50:49.919368+00:00	GitLab Importer	Fixing	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.0rc2
2024-01-10T03:13:50.308637+00:00	GHSA Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc2
2024-01-03T17:36:22.053418+00:00	GHSA Importer	Fixing	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc1

2025-06-20T16:51:41.382727+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml

36.1.3

2025-06-20T16:49:39.088325+00:00

GitLab Importer

Fixing

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0