veracode-repository-ruleset / verademo-java-maven


CVE: 2017-2646 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA] #29

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Keycloak SAML Core |
| Description | Keycloak SSO |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | keycloak-saml-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the mishandling of a Logout request with an Extensions in the middle of the request. |
| CVE | 2017-2646 |
| CVSS score | 5 |
| Vulnerability present in version/s | 1.2.0.CR1-2.5.4.Final |
| Found library version/s | 1.8.1.Final |
| Vulnerability fixed in version | 2.5.5.Final |
| Library latest version | 23.0.1 |
Fix

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54