Fluid Attacks Database

Description

org.keycloak:keycloak-services has Inefficient Regular Expression Complexity A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.keycloak:keycloak-services	>=0 <24.0.9 \|\| >=25.0.0 <26.0.6	24.0.9, 26.0.6

Aliases

1. CVE-2024-102702. NVD-2024-102703. OSV-2024-102704. GHSA-wq8x-cg39-8mrr5. GCVE-2024-102706. access.redhat.com7. access.redhat.com8. access.redhat.com9. access.redhat.com10. ACCESS-CVE-2024-10270

References

1. https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr2. https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e43. https://bugzilla.redhat.com/show_bug.cgi?id=2321214

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.