Description
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
References
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.0.3 (excluding)
cpe:2.3:a:keycloak:keycloak:*:*:*:*:*:*:*:*
EPSS
Percentile: 74%
0.00802
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-400
Related vulnerabilities
redhat
more than 11 years ago
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVSS3: 7.5
github
more than 7 years ago
Keycloak vulnerable to uncontrolled resource consumption