The vulnerability stems from the redirect URI validation in RedirectUtils.java (class org.keycloak.protocol.oidc.utils.RedirectUtils in keycloak-services). The key functions are verifyRedirectUri, the validation entry point that normalizes the requested redirect_uri and checks it against the client's configured Valid Redirect URIs, and matchesRedirects, the matching routine that handles exact entries and trailing-wildcard (`*`) patterns. The code also special-cases loopback hosts (the LOOPBACK_INTERFACES set: localhost, 127.0.0.1 and [::1]) so that native applications can receive the callback on an arbitrary port, as RFC 8252 allows. The flaw is that the loopback and wildcard cases are not validated strictly enough: when a client's Valid Redirect URI is set to http://localhost or http://127.0.0.1, an attacker-chosen redirect_uri whose host is not actually a loopback address can pass the check, turning the authorization endpoint into an open redirect and exposing the authorization code (and with it the user's session) to the attacker. The advisory links and CVE description reference this file and the redirect validation mechanism directly, and the purpose of these functions matches the described pattern of improper localhost URI validation leading to an open redirect. Until an upgrade to a patched version is possible, audit clients whose Valid Redirect URIs include a bare http://localhost or http://127.0.0.1 entry and replace them with the exact loopback URIs (including path) the application uses.
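As an added illustration of the pattern described above (this is not Keycloak's code and not the exact change shipped in 25.0.6), the Java below models a loopback "any port" rule implemented as a string-prefix test beside a hardened version that parses the URI and compares scheme, host, userinfo and path explicitly. The method names and the LOOPBACK_INTERFACES constant mirror the names used in the analysis; the method bodies, the helpers isLoopbackEntry, pathOf and parse, and the sample URIs are assumptions constructed for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Illustrative model of a redirect-URI check with loopback special-casing.
 * Not Keycloak's implementation: names mirror the analysis, bodies are assumed.
 */
public final class RedirectCheckDemo {

    // Hosts a native app may use for a callback on an arbitrary port (RFC 8252).
    static final Set<String> LOOPBACK_INTERFACES = Set.of("localhost", "127.0.0.1", "[::1]");

    /**
     * Flawed shape (assumed for illustration): exact match, trailing-'*' prefix
     * match, and an "any port on loopback" rule expressed as a plain string prefix.
     * The request only has to START with http://localhost, so a host such as
     * localhost.attacker.example, or "localhost" placed in the userinfo, passes.
     */
    static String matchesRedirectsWeak(Set<String> validRedirects, String redirect) {
        for (String valid : validRedirects) {
            if (valid.endsWith("*")) {
                if (redirect.startsWith(valid.substring(0, valid.length() - 1))) return valid;
            } else if (valid.equals(redirect)) {
                return valid;
            } else if (isLoopbackEntry(valid) && redirect.startsWith(valid)) {
                return valid; // loopback entry: accept any port, but only by prefix
            }
        }
        return null;
    }

    /**
     * Hardened shape: parse both sides, reject userinfo, require scheme and host
     * to match exactly, ignore the port only when the parsed host is loopback,
     * and compare the path component (prefix for wildcard entries, else exact).
     */
    static String matchesRedirectsStrict(Set<String> validRedirects, String redirect) {
        URI r = parse(redirect);
        if (r == null || r.getScheme() == null || r.getHost() == null || r.getRawUserInfo() != null) return null;
        boolean loopback = LOOPBACK_INTERFACES.contains(r.getHost().toLowerCase(Locale.ROOT));
        for (String valid : validRedirects) {
            boolean wildcard = valid.endsWith("*");
            URI v = parse(wildcard ? valid.substring(0, valid.length() - 1) : valid);
            if (v == null || v.getScheme() == null || v.getHost() == null) continue;
            if (!v.getScheme().equalsIgnoreCase(r.getScheme()) || !v.getHost().equalsIgnoreCase(r.getHost())) continue;
            if (!loopback && v.getPort() != r.getPort()) continue; // any port only for loopback hosts
            String vPath = pathOf(v);
            String rPath = pathOf(r);
            if (wildcard ? rPath.startsWith(vPath) : rPath.equals(vPath)) return valid;
        }
        return null;
    }

    private static boolean isLoopbackEntry(String valid) {
        for (String lb : LOOPBACK_INTERFACES) {
            if (valid.equals("http://" + lb)) return true;
        }
        return false;
    }

    // Empty path and "/" are treated as the same registered location.
    private static String pathOf(URI u) {
        return (u.getPath() == null || u.getPath().isEmpty()) ? "/" : u.getPath();
    }

    private static URI parse(String s) {
        try {
            return new URI(s).normalize();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed input: a client whose only Valid Redirect URI is the bare loopback entry.
        Set<String> valid = Set.of("http://localhost");
        String[] probes = {
            "http://localhost:8080/",                 // legitimate native-app callback on a random port
            "http://localhost:8080/callback",         // path not registered: strict rejects
            "http://localhost.attacker.example/",     // host is NOT loopback: weak accepts, strict rejects
            "http://localhost@attacker.example/",     // "localhost" is userinfo: weak accepts, strict rejects
            "http://127.0.0.1:9090/"                  // different loopback alias than the one registered
        };
        for (String p : probes) {
            System.out.printf("%-40s weak=%-17s strict=%s%n", p,
                    matchesRedirectsWeak(valid, p), matchesRedirectsStrict(valid, p));
        }
    }
}
```

Compile and run with `javac RedirectCheckDemo.java && java RedirectCheckDemo`. The point of the strict version is that the port exception is granted only after the host has been parsed and found to be one of LOOPBACK_INTERFACES; a prefix test over the raw string cannot tell where the authority ends, which is exactly the gap an attacker exploits with a crafted hostname or userinfo.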
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.keycloak:keycloak-services | maven | < 25.0.6 | 25.0.6 |