CVE: 0000-0000 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	Keycloak SAML Core
Description	Keycloak SSO
Language	JAVA
Vulnerability	SAML Assertion Insertion
Vulnerability description	Keycloak saml-core is vulnerable to malicious SAML assertion insertion. This vulnerability is due to the fact that the assertions are not verified as signed before being accepted.
CVE	null
CVSS score	6.4
Vulnerability present in version/s	1.1.0.Beta1-1.9.0.CR1
Found library version/s	1.8.1.Final
Vulnerability fixed in version	1.9.0.Final
Library latest version	20.0.1
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/379321?version=1.8.1.Final
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/2367
• Patch: https://github.com/keycloak/keycloak/commit/69c3d38164d8c57afad57c38357cff661953bf5b

[github-actions[bot]]

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184