Allocation of resources without limits or throttling in keycloak-model-infinispan

GHSA-2vp8-jv5v-6qh6 · CVE-2021-3637

Published Jul 13, 2021 · Modified Nov 8, 2023

Description

A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3637
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1979638

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes