Lucene search

Code injection in keycloak

🗓️ 13 May 2021 22:51:29Reported by GitHub Advisory DatabaseType

Code injection in Keycloak allows execution of malicious code via referrer URL, posing high threat to data confidentiality and system availabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
CNVD	Red Hat keycloak cross-site scripting vulnerability (CNVD-2022-05532)	24 Mar 202100:00	–	cnvd
RedhatCVE	CVE-2021-20222	16 Feb 202106:03	–	redhatcve
Prion	Design/Logic Flaw	23 Mar 202117:15	–	prion
OSV	CVE-2021-20222	23 Mar 202117:15	–	osv
OSV	GHSA-2MQ8-99Q7-55WX Code injection in keycloak	13 May 202122:29	–	osv
Cvelist	CVE-2021-20222	23 Mar 202116:36	–	cvelist
Veracode	Cross-Site Scripting (XSS)	15 Mar 202104:19	–	veracode
CVE	CVE-2021-20222	23 Mar 202117:15	–	cve
NVD	CVE-2021-20222	23 Mar 202117:15	–	nvd
IBM Security Bulletins	Security Bulletin: Rational Test Automation Server is vulnerable to malicious code execution due to Keycloak (CVE-2021-20222)	5 Dec 202206:04	–	ibm

Vulners

Node

org.keycloak keycloak-parentRange9.0.0–12.0.3

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-20222
github	www.github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741
access	www.access.redhat.com/security/cve/cve-2021-20222
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/advisories/GHSA-2mq8-99q7-55wx

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2021 22:29Current

3.2Low risk

Vulners AI Score3.2

CVSS25.1

CVSS37.5

EPSS0.00511