| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.keycloak:keycloak-parent | maven | <= 23.0.3 | |
The vulnerability stems from improper redirect URI validation in JARM `form_post.jwt` responses. AuthorizationEndpoint is the primary handler for OIDC authorization flows, and JARMUtil handles the JARM-specific logic. The former likely fails to enforce strict redirect URI matching when processing wildcards in JARM mode, while the latter might embed unvalidated URIs in the response JWT. Confidence is high for AuthorizationEndpoint, given its central role in response handling, and medium for JARMUtil, which acts as secondary processing logic.