OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Missing CVE-2021-20323 for keycloak-core:15 #317

Closed trash-80 closed 1 year ago

trash-80 commented 1 year ago

To facilitate future automation, please use the following format

Advisory details

  URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20323
  format: maven
  namespace: org.keycloak
  name: keycloak-core
  versions: 15.0.0

More information

  Snyk found the issue, but OSSIndex missed this one.

ken-duck commented 1 year ago

Sorry for the delay. We are still working on developing processes to handle issues, and I have been away for a while (catching up now)!

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

We are finally cleaning up the issues database. There have been MANY changes since this issue was raised. We have moved from the old OSS Index vulnerability database to a new database that has a much larger research team.

In this particular case, our research team looked deeper into the issue, and determined that keycloak-core was not vulnerable, but keycloak-services was.

https://ossindex.sonatype.org/component/pkg:maven/org.keycloak/keycloak-services

We have moved to an email-based reporting system that is more closely aligned to our commercial issue tracking. Please forward future issues to ossindex@sonatype.org

trash-80 commented 1 year ago

Great, thanks for the update.