logo

Database

Improper resource allocation In org.keycloak:keycloak-core

Description

Keycloak vulnerable to uncontrolled resource consumption JBoss KeyCloak versions prior to 1.0.3.Final allow remote attackers to create a denial of service (resource consumption) by supplying a large value in the size parameter to auth/qrcode, related to QR code generation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2014-36512. NVD-2014-36513. OSV-2014-36514. GHSA-r32r-3977-cgc35. GCVE-2014-3651

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=11442782. https://issues.jboss.org/browse/KEYCLOAK-699

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.