VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-authz-client@4.5.0.Final

Search for packages

Package details: pkg:maven/org.keycloak/keycloak-authz-client@4.5.0.Final

Essentials
History (2)

purl	pkg:maven/org.keycloak/keycloak-authz-client@4.5.0.Final

Next non-vulnerable version	9.0.0
Latest non-vulnerable version	9.0.0
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-597y-4t7f-87bw Aliases: CVE-2019-10169 GHSA-9c24-43p5-fv82	Keycloak code execution via UMA policy abuse A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.	8.0.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rbk3-3kp9-dfh7 Aliases: CVE-2020-1698 GHSA-qgmm-f2qw-r95f	Keycloak leaks sensitive information in logged exceptions A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.	9.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T10:36:03.646595+00:00	GitLab Importer	Affected by	VCID-597y-4t7f-87bw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-authz-client/CVE-2019-10169.yml	37.0.0
2025-08-01T09:32:04.611646+00:00	GitLab Importer	Affected by	VCID-rbk3-3kp9-dfh7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-authz-client/CVE-2020-1698.yml	37.0.0