Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2017-7474
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
| Software | From | Fixed in |
|---|---|---|
| keycloak / keycloak-nodejs-auth-utils | 2.5.0-cr1 | 2.5.0-cr1.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.3 | 2.5.3.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.7 | 2.5.7.x |
| keycloak / keycloak-nodejs-auth-utils | 3.0.0 | 3.0.0.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.4 | 2.5.4.x |
| keycloak / keycloak-nodejs-auth-utils | 3.0.0-cr1 | 3.0.0-cr1.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.6 | 2.5.6.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.1 | 2.5.1.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.2 | 2.5.2.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.5 | 2.5.5.x |
| keycloak / keycloak-nodejs-auth-utils | 2.5.0 | 2.5.0.x |
keycloak-connect
|
2.5.0 | 3.1.0 |
|
keycloak-js
|
2.5.0 | 3.1.0 |