Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE: 2017-2646 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA] #246

Open
bnreplah opened this issue May 4, 2023 · 0 comments
Open

CVE: 2017-2646 found in Keycloak SAML Core - Version: 1.8.1.Final [JAVA] #246

bnreplah opened this issue May 4, 2023 · 0 comments
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability

Comments

@bnreplah
Copy link
Owner

bnreplah commented May 4, 2023

Veracode Software Composition Analysis

Attribute Details
Library Keycloak SAML Core
Description Keycloak SSO
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description keycloak-saml-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the mishandling of a Logout request with an Extensions in the middle of the request.
CVE 2017-2646
CVSS score 5
Vulnerability present in version/s 1.2.0.CR1-2.5.4.Final
Found library version/s 1.8.1.Final
Vulnerability fixed in version 2.5.5.Final
Library latest version 21.1.1
Fix

Links:
@bnreplah bnreplah added Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability labels May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bnreplah