gwhittemore-veracode/Veracode-GW-Training-demo
CVE: 2017-2646 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA]
#13 (Open)
github-actions[bot] opened 2 years ago
github-actions[bot] commented 2 years ago
Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Keycloak SAML Core |
| Description | Keycloak SSO |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | keycloak-saml-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the mishandling of a `Logout` request with an `Extensions` in the middle of the request. |
| CVE | 2017-2646 |
| CVSS score | 5 |
| Vulnerability present in version/s | 1.2.0.CR1-2.5.4.Final |
| Found library version/s | 1.8.1.Final |
| Vulnerability fixed in version | 2.5.5.Final |
| Library latest version | 19.0.3 |
| Fix | Links: https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/379321?version=1.8.1.Final , https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3780 ; Patch: https://github.com/keycloak/keycloak/commit/42954e84d99417b8dd5b97181398e2a4cd68bf5d |