Douglas Palmer

2 exploits, active since Aug 2022
CVE-2024-10270 MEDIUM WRITEUP
Keycloak-services < 24.0.9 - Denial of Service via Regex Complexity in SearchQueryUtils
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) by exhausting system resources due to regex complexity.
CVSS 6.5
CVE-2021-3856 MEDIUM WRITEUP
Keycloak < 15.1.0 - Unauthenticated Arbitrary File Read via Theme Resource Path Traversal
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
CVSS 4.3