Fluid Attacks Database

Description

Cross-site Scripting in Keycloak A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.keycloak:keycloak-server-spi-private	=10.0.1	10.0.2
maven	org.keycloak:keycloak-model-jpa	=10.0.1	10.0.2
npm	keycloak-connect	=10.0.1	10.0.2
maven	org.keycloak:keycloak-parent	>=0 <10.0.2	10.0.2
maven	org.keycloak:keycloak-services	=10.0.1	10.0.2
maven	org.keycloak:keycloak-core	=10.0.1	10.0.2
maven	org.keycloak:keycloak-wildfly-server-subsystem	=10.0.1	10.0.2

Aliases

1. CVE-2020-107482. NVD-2020-107483. OSV-2020-107484. GCVE-2020-10748

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=1836786