Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-h7j7-pw3v-3v3x

Опубликовано: 18 окт. 2018
Источник: github
Github: Прошло ревью
CVSS3: 4.9

Описание

Moderate severity vulnerability that affects org.keycloak:keycloak-core

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-core

maven
Затронутые версииВерсия исправления

< 4.0.0

4.0.0

EPSS

Процентиль: 64%
0.00474
Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2018-10912

Дефекты

CWE-835

Связанные уязвимости

redhat логотип

CVE-2018-10912

CVSS3: 4.4
redhat
больше 7 лет назад

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

nvd логотип

CVE-2018-10912

CVSS3: 4.9
nvd
больше 7 лет назад

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

debian логотип

CVE-2018-10912

CVSS3: 4.9
debian
больше 7 лет назад

keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...

EPSS

Процентиль: 64%
0.00474
Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2018-10912

Дефекты

CWE-835