CVE-2021-3637

Allocation of Resources Without Limits or Throttling in maven/org.keycloak/keycloak-model-infinispan

Identifiers

CVE-2021-3637

Package Slug

maven/org.keycloak/keycloak-model-infinispan

Vulnerability

Allocation of Resources Without Limits or Throttling

Description

A flaw was found in keycloak-model-infinispan in Keycloak where the authenticationSessions map in RootAuthenticationSessionEntity grows without bound, which could lead to a DoS attack.

Affected Versions

All versions before 14.0.0

Solution

Upgrade to version 14.0.0 or above.

Last Modified

2021-07-15
