CVE-2020-14359 log

Severity Medium
Remote Yes
Type Insufficient validation
A vulnerability was found in keycloak, where on using lower case HTTP headers (via cURL) a Gatekeeper can be bypassed. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when putting a Gatekeeper in front of a Jetty server and using lowercase headers.
Group Package Affected Fixed Severity Status Ticket
AVG-1332 keycloak 15.0.2-1 16.0.0-1 High Fixed