julz0815 / test-action

0 stars 1 forks source link

CVE: 2017-2646 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA] #174

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Keycloak SAML Core
Description Keycloak SSO
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description keycloak-saml-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the mishandling of a Logout request with an Extensions in the middle of the request.
CVE 2017-2646
CVSS score 5
Vulnerability present in version/s 1.2.0.CR1-2.5.4.Final
Found library version/s 1.8.1.Final
Vulnerability fixed in version 2.5.5.Final
Library latest version 20.0.1
Fix

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184