GMS-2023-529: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 20, 2023 (updated November 7, 2023)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in org.keycloak:keycloak-services.

References

access.redhat.com/security/cve/cve-2022-1438
bugzilla.redhat.com/show_bug.cgi?id=2031904
github.com/advisories/GHSA-w354-2f3c-qvg9
github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9

Detect and mitigate GMS-2023-529 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →