Moderate severity vulnerability that affects org.keycloak:keycloak-core

GHSA-h7j7-pw3v-3v3x · CVE-2018-10912

Published Oct 18, 2018 · Modified Nov 8, 2023

Description

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-10912
ADVISORY https://github.com/advisories/GHSA-h7j7-pw3v-3v3x
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes