Search for vulnerabilities
Vulnerability details: VCID-kpgc-cmf5-mqcj
Vulnerability ID VCID-kpgc-cmf5-mqcj
Aliases GHSA-j3x3-r585-4qhg
Summary Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. ## Original Description A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1333 Inefficient Regular Expression Complexity
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:10175
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10175
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:10176
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10176
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:10177
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10177
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:10178
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10178
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2024-10270
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2024-10270
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2321214
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2321214
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-j3x3-r585-4qhg
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-10270
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-10270
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:10175
https://access.redhat.com/errata/RHSA-2024:10176
https://access.redhat.com/errata/RHSA-2024:10177
https://access.redhat.com/errata/RHSA-2024:10178
https://access.redhat.com/security/cve/CVE-2024-10270
https://bugzilla.redhat.com/show_bug.cgi?id=2321214
https://nvd.nist.gov/vuln/detail/CVE-2024-10270
GHSA-j3x3-r585-4qhg https://github.com/advisories/GHSA-j3x3-r585-4qhg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:10175
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:10176
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:10177
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:10178
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-10270
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2321214
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-10270
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-31T08:33:52.685017+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 37.0.0