keycloak-connect
npm | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting keycloak-connect
- CVE-2017-7474 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.1.0 | 2017-05-12
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
- CVE-2019-10157 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 4.8.3 | 2019-06-12
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token se…
- CVE-2022-2237 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 21.0.1 | 2023-03-27
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.