VDB

GHSA-q2gp-gph3-88x9

GHSA-q2gp-gph3-88x9 REJECTED

Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Affected Products

VendorProductVersions
Mavenorg.keycloak:keycloak-saml-core0, 1.1.0.Beta1, 1.1.0.Beta2

Timeline

  • Dec 5, 2024 CVE Rejected
  • Dec 5, 2024 CVE Updated
  • Mar 2, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›