CVE-2023-6291
npm/keycloak-connect
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
All versions before 22.0.7
Upgrade to version 23.0.0 or above.
2024-02-05