GMS-2022-8407: Keycloak vulnerable to path traversal via double URL encoding
Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.
References
Detect and mitigate GMS-2022-8407 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →