Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.keycloak:keycloak-ldap-federation | maven | < 23.0.1 | 23.0.1 |
| org.keycloak:keycloak-services | maven | < 23.0.1 | 23.0.1 |
The vulnerability stems from unescaped user input in LDAP queries. The commit diff shows the vulnerable code in getFilterById() appended the 'id' parameter directly to an LDAP filter. The patch adds EscapeStrategy.DEFAULT.escape(id), confirming this was the injection point. The CWE-90 classification and advisory description align with this code path being used during username-based LDAP lookups.
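As an added illustration (not Keycloak's own code, which uses EscapeStrategy.DEFAULT.escape()), the Python below reimplements RFC 4515 filter-value escaping, builds the id filter the unpatched way and the patched way, and adds a check that a constructed filter is still a single equality assertion. The attribute name, function names and the constructed wildcard input are assumptions made for the example.

```python
# Added example, not Keycloak code: RFC 4515 escaping of LDAP filter values.
# Function names, attribute name and sample inputs are assumptions.

_ASCII_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it cannot change the filter's structure.
    Special ASCII characters become \\xx; non-ASCII is conservatively
    escaped byte-wise as UTF-8, which RFC 4515 also permits."""
    out = []
    for ch in value:
        if ch in _ASCII_ESCAPES:
            out.append(_ASCII_ESCAPES[ch])
        elif ord(ch) > 127:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def get_filter_by_id_vulnerable(attr: str, id_value: str) -> str:
    """Pre-23.0.1 pattern described above: the id is concatenated raw."""
    return "(" + attr + "=" + id_value + ")"


def get_filter_by_id_patched(attr: str, id_value: str) -> str:
    """Patched pattern: the id is escaped before entering the filter."""
    return "(" + attr + "=" + escape_filter_value(id_value) + ")"


def filter_is_single_equality(filt: str, attr: str) -> bool:
    """Defensive check: the filter must be exactly one '(attr=value)' assertion
    whose value contains no unescaped '*', '(' or ')'. A raw special character
    there means caller input was able to alter the query."""
    prefix = "(" + attr + "="
    if not (filt.startswith(prefix) and filt.endswith(")")):
        return False
    value = filt[len(prefix):-1]
    i = 0
    while i < len(value):
        if value[i] == "\\":
            i += 3  # skip a \xx escape sequence
            continue
        if value[i] in "*()":
            return False
        i += 1
    return True


if __name__ == "__main__":
    for fn in (get_filter_by_id_vulnerable, get_filter_by_id_patched):
        f = fn("uid", "*")  # constructed wildcard input
        print(f"{fn.__name__}: {f!r} safe={filter_is_single_equality(f, 'uid')}")
```

With the constructed input "*", the unpatched builder yields (uid=*), which matches every entry, while the patched builder yields (uid=\2a), a literal asterisk.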