Denial Of Service (DoS)
keycloak-connect is vulnerable to denial of service. Failure to validate JWT signatures on the /klogout route allows remote attackers to force-log out users and indefinitely deny service to the application using malicious JWTs with NBF values...
GHSA-68HW-VFH7-XVG8 Forced Logout in keycloak-connect
Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to log out users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation: Upgrade to version 4.4...