6 matches found
EUVD-2024-3387
Malicious code in bioql PyPI...
CVE-2024-53843
@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...
@dapperduckling/keycloak-connector-cluster-redis (>=0.0.5-alpha.0 <=1.0.30), @dapperduckling/keycloak-connector-group-auth-plugin (>=0.0.5-alpha.0 <=1.1.15) potentially affected by CVE-2024-53843 via @dapperduckling/keycloak-connector-server (>=0.0.14 <=1.5.2)
@dapperduckling/keycloak-connector-server NPM version =0.0.14, =0.0.5-alpha.0, =0.0.5-alpha.0, =1.1.15 Source cves: CVE-2024-53843 Source advisory: OSV:GHSA-W5RQ-G9R6-VRCG...
CVE-2024-53843 Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server
@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...
keycloak-connector 跨站脚本漏洞
keycloak-connector is a series of libraries open-sourced by DapperDuckling for Node.js applications and front-end clients to interact with keycloak. A cross-site scripting vulnerability exists in versions of keycloak-connector prior to 2.5.4 that stems from improperly cleaned URL parameters, whic...
PT-2024-35946 · Unknown · @Dapperduckling/Keycloak-Connector-Server
Name of the Vulnerable Software and Affected Versions: @dapperduckling/keycloak-connector-server versions prior to 2.5.5 Description: A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application due to improper sanitization of the URL parameters...