A flaw was found in the Keycloak package. This flaw allows an attacker to use LDAP injection to bypass the username lookup or potentially perform other malicious actions.
This flaw requires a misconfiguration of the "UUID LDAP Attribute" values. When they are set to the standard entryUUID, objectGUID or nsuniqueid, Keycloak is not vulnerable.
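A configuration check for the condition described above, as an added example that is not Keycloak's own code: it reads a realm export and reports every LDAP user federation provider whose "UUID LDAP Attribute" is not one of the three standard values. The export layout, the `uuidLDAPAttribute` config key and the sample realm are assumptions made for this example; the sample data is constructed.

```python
import json
import re

# The three values the advisory names as not vulnerable.
STANDARD_UUID_ATTRS = {"entryuuid", "objectguid", "nsuniqueid"}
# RFC 4512 attribute descriptor: short name (keystring) or numeric OID.
ATTR_DESCR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)")

def classify_uuid_attr(value):
    """Return 'standard', 'nonstandard' or 'malformed' (also used for unset)."""
    if value is None or not ATTR_DESCR.fullmatch(value):
        return "malformed"
    # LDAP attribute names compare case-insensitively.
    if value.lower() in STANDARD_UUID_ATTRS:
        return "standard"
    return "nonstandard"

def audit_realm(realm):
    """Return (provider name, configured value, verdict) per LDAP provider."""
    findings = []
    # Assumed export layout: providers grouped under their provider type.
    providers = realm.get("components", {}).get(
        "org.keycloak.storage.UserStorageProvider", [])
    for comp in providers:
        if comp.get("providerId") != "ldap":
            continue  # other federation providers have no UUID attribute
        # Assumed: config values are exported as single-element lists.
        values = comp.get("config", {}).get("uuidLDAPAttribute") or [None]
        findings.append((comp.get("name"), values[0],
                         classify_uuid_attr(values[0])))
    return findings

# Constructed sample shaped like a realm export (not real data).
SAMPLE_REALM = json.loads("""
{"realm": "example", "components": {
  "org.keycloak.storage.UserStorageProvider": [
    {"name": "corp-ad", "providerId": "ldap",
     "config": {"uuidLDAPAttribute": ["objectGUID"]}},
    {"name": "legacy-dir", "providerId": "ldap",
     "config": {"uuidLDAPAttribute": ["uid"]}},
    {"name": "typo-dir", "providerId": "ldap",
     "config": {"uuidLDAPAttribute": ["entryUUID "]}},
    {"name": "kerberos", "providerId": "kerberos", "config": {}}]}}
""")

if __name__ == "__main__":
    for name, value, verdict in audit_realm(SAMPLE_REALM):
        print(f"{name}: uuidLDAPAttribute={value!r} -> {verdict}")
```

Providers reported as `nonstandard` or `malformed` are the ones to review against the advisory; `standard` matches the values it lists as not vulnerable.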