CVE-2018-14658: URL Redirection to Untrusted Site (Open Redirect)
(updated )
The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils
before the redirect url is verified. This can lead to an Open Redirection attack.
References
Detect and mitigate CVE-2018-14658 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →