org.keycloak:keycloak-model-infinispan
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.keycloak:keycloak-model-infinispan
- CVE-2019-14832 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 7.0.1 | 2019-10-15
vulnerable: 1.9.0.CR1 ... 7.0.0 (61 versions)
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized inf…
- CVE-2021-3637 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 14.0.0 | 2021-07-09
vulnerable: 1.9.0.CR1 ... 9.0.3 (82 versions)
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.