keycloak-connect (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package keycloak-connect, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2017-7474 — CVSS 9.8 (critical): It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass…
CVE-2022-2237 — CVSS 6.1 (medium): A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the…
CVE-2019-10157 — CVSS 4.7 (medium): It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its…