AVG-1577 log
| Package | keycloak |
| Status | Fixed |
| Severity | Medium |
| Type | cross-site request forgery |
| Affected | 12.0.1-1 |
| Fixed | 12.0.2-1 |
| Current | 26.0.5-1 [extra] |
| Ticket | None |
| Created | Tue Feb 16 11:18:11 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-10770 | Medium | Yes | Cross-site request forgery | A flaw was found in Keycloak before 12.0.2, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri.... |