5l1D3R / Github-actions

CVE: 0000-0000 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA] #22

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Keycloak SAML Core |
| Description | Keycloak SSO |
| Language | JAVA |
| Vulnerability | SAML Assertion Insertion |
| Vulnerability description | Keycloak saml-core is vulnerable to malicious SAML assertion insertion. This vulnerability is due to the fact that the assertions are not verified as signed before being accepted. |
| CVE | null |
| CVSS score | 6.4 |
| Vulnerability present in version/s | 1.1.0.Beta1-1.9.0.CR1 |
| Found library version/s | 1.8.1.Final |
| Vulnerability fixed in version | 1.9.0.Final |
| Library latest version | 20.0.1 |
| Fix | |

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2