Skip to content

CVE-2024-10270 Potential Denial of Service #35214

New issue
New issue
Closed
Closed
CVE-2024-10270 Potential Denial of Service#35214
Labels
kind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.6release/26.1.0
@stianst

Description

@stianst
stianst
opened on Nov 22, 2024

Description

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.6release/26.1.0

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions