VDB
KO
MEDIUM 5.4

GHSA-m4fv-gm5m-4725

HTML Injection in Keycloak Admin REST API

Details

The `execute-actions-email` endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.keycloak:keycloak-services
Introduced in: 0 Fixed in: 20.0.5
Fix # pom.xml: bump <version>20.0.5</version> for org.keycloak:keycloak-services

References