VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-model-jpa@20.0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.
VCID-s711-x8ae-aaaj Aliases: CVE-2023-6563 GHSA-54f3-c6hg-865h	An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	21.0.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

VCID-s711-x8ae-aaaj
Aliases:
CVE-2023-6563
GHSA-54f3-c6hg-865h

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

21.0.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.379038+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.3
2025-06-20T16:49:39.084446+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.3
2025-06-03T23:29:00.858562+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.0
2025-06-03T23:27:09.891664+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.0
2025-06-02T23:26:40.537319+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.2
2025-06-02T23:24:45.981661+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.2
2025-04-03T21:52:45.771549+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.0.0
2025-04-03T21:48:35.537968+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.0.0
2025-02-18T03:44:09.816320+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.1.0
2025-02-18T01:06:38.024331+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.1.0
2024-11-21T01:01:01.057090+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.0.0
2024-11-20T23:31:17.263175+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.0.0
2024-11-19T00:49:38.558517+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.3.2
2024-11-18T23:20:26.867540+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.3.2
2024-10-08T01:21:23.899489+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.2
2024-10-08T00:17:34.509248+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.2
2024-10-07T21:52:23.277589+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.2
2024-09-23T01:26:41.227634+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.1
2024-09-23T00:31:32.670212+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.1
2024-09-22T22:21:38.671439+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.1
2024-05-17T21:07:19.282506+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc4
2024-04-24T03:59:20.998943+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.0rc4
2024-04-24T02:42:35.306098+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T03:13:50.297920+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc2