logo

Database

Inappropriate coding practices In org.keycloak:keycloak-core

Description

Moderate severity vulnerability that affects org.keycloak:keycloak-core keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-109122. NVD-2018-109123. OSV-2018-109124. GHSA-h7j7-pw3v-3v3x5. GCVE-2018-10912

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.