Insecure file upload In org.keycloak:keycloak-saml-core
This advisory was classified as a False Positive during our data review process to ensure accuracy and data quality.
Description
Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references.
Original Description
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version |
|---|---|---|
 maven |
Aliases
1. 2. 3.
References
1.