GHSA-wf7g-7h6h-678v, CVE-2022-2668
maven/org.keycloak/keycloak-parent
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
All versions before 19.0.2
Upgrade to version 19.0.2 or above.
2022-09-27