Details

    • Security Sensitive Issue:
      This issue is security relevant
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We are using Keycloak 4.5 and we have detected vulnerabilities in this release due to the included versions of AngularJS 1.6.6 and jQuery 3.2.1:
      • For AngularJS 1.6.6, the vulnerability is described here: https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html
      • For jQuery 3.2.1, the vulnerability is described here: https://nvd.nist.gov/vuln/detail/CVE-2019-11358
      Could you tell us if you are aware of these vulnerabilities and if Keycloak 4.5 could be considered as vulnerable, or if it cannot fall into these vulnerabilities?

      Keycloak 6.0.1 still includes jQuery 3.2.1.

              People

              • Assignee:
                stianst Stian Thorgersen
                Reporter:
                sveyriere Sebastien Veyriere
              • Votes:
                0
                Watchers:
                3