Headline

GHSA-w97f-w3hq-36g2: Keycloak Denial of Service vulnerability

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

1 month ago

ghsa

Open in Source

#vulnerability #dos #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

1 hour ago

ghsa

GHSA-jjxq-ff2g-95vh: Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

1 hour ago

ghsa

GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array

1 hour ago

ghsa

GHSA-hv6m-qj65-26q3: UnoPim Cross-site Scripting vulnerability

3 hours ago

ghsa

GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

5 hours ago

ghsa