An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat single sign-on 7.0 |
||
redhat keycloak 18.0.0 |