3
SNYK-JAVA-ORGKEYCLOAK-1062507:
6
The Keycloak core module is not affected by Open Redirect
7
Vulnerability (CVE-2020-1723), that relates to Gatekeeper, an old
8
project already decommissioned from our org. More details:
9
- https://issues.redhat.com/browse/KEYCLOAK-11318
10
- https://www.keycloak.org/2020/08/sunsetting-louketo-project.adoc
11
- https://hub.docker.com/r/keycloak/keycloak-gatekeeper
12
SNYK-JAVA-ORGKEYCLOAK-1088339:
15
The Keycloak services module is not affected by CVE-2021-3461 anymore,
16
the issue was fixed on Keycloak 14.0.0 last year. More details:
17
- https://issues.redhat.com/browse/KEYCLOAK-17495
18
SNYK-JAVA-IONETTY-1042268:
21
There is no fixed version for io.netty:netty-handler. More details:
22
- https://github.com/netty/netty/issues/10806
23
- https://github.com/netty/netty/issues/8537
24
- https://github.com/netty/netty/issues/9930
25
- https://github.com/netty/netty/issues/10362
26
Netty Handler is a transitive dependency coming from Quarkus,
27
according to the Netty team, the fix should be available on Netty 5.
28
The expiry date was set as a reminder for us to upgrade, once they
30
expires: 2024-06-31T00:00:00.000Z
31
SNYK-JAVA-ORGKEYCLOAK-1658295:
34
Keycloak is no longer vulnerable. The issue was fixed on Keycloak 18.0.0
36
- https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
37
- https://access.redhat.com/security/cve/cve-2021-3827
38
SNYK-JAVA-ORGKEYCLOAK-1083276:
41
Keycloak is no longer vulnerable. The issue was fixed on Keycloak 18.0.0
43
- https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf
44
- https://access.redhat.com/security/cve/cve-2021-3424
45
SNYK-JAVA-ORGKEYCLOAK-2987457:
48
Keycloak is no longer vulnerable. The issue was fixed on Keycloak 19.0.2
50
- https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
51
- https://access.redhat.com/security/cve/CVE-2022-2668