org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS). Because the oob OAuth endpoint handles null bytes incorrectly, a remote attacker can insert an arbitrary URI into an error page.
access.redhat.com/errata/RHSA-2023:1043
access.redhat.com/errata/RHSA-2023:1044
access.redhat.com/errata/RHSA-2023:1045
access.redhat.com/errata/RHSA-2023:1049
access.redhat.com/security/cve/CVE-2022-4137
bugzilla.redhat.com/show_bug.cgi?id=2148496
github.com/advisories/GHSA-9hhc-pj4w-w5rv
github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
github.com/keycloak/keycloak/pull/16774