org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Package
Affected versions
< 24.0.9
>= 25.0.0, < 26.0.6
Patched versions
24.0.9
26.0.6
Description
Published to the GitHub Advisory Database
Nov 25, 2024
Reviewed
Nov 25, 2024
Last updated
Dec 18, 2024
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
References