6 matches found
GHSA-9342-92GG-6V29 vulnerabilities
Vulnerabilities for packages: keycloak, jenkins, wildfly, thingsboard, apicurio-registry, dependency-track, keycloak-config-cli, apache-nifi...
CVE-2025-49006
Wasp Web Application Specification is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
CVE-2025-49006 Wasp has case insensitive OAuth ID vulnerability
Wasp Web Application Specification is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
CVE-2025-49006
CVE-2025-49006 concerns Wasp (Web Application Specification), a Rails-like framework used with React/Node/Prisma. Prior to 0.16.6, the OAuth implementation lowercases OAuth user IDs before storing/fetching, which can violate OAuth/OpenID Connect specs and lead to user impersonation, account colli...
GHSA-Q4XQ-445G-G6CH vulnerabilities
Vulnerabilities for packages: keycloak-fips, keycloak, keycloak-config-cli, keycloak-operator...
CVE-2024-7318 vulnerabilities
Vulnerabilities for packages: keycloak-config-cli...