Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-6841

created 1 year, 1 month ago

Keycloak: amount of attributes per object is not limited and it may lead to dos

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

Affected products

keycloak

<24.0.0

rh-sso7-keycloak

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.0.6
- nixpkgs-unstable 26.0.6
- nixos-unstable-small 26.0.7

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.keycloak

Package maintainers