CVE-2020-1714

Severity: High
Remote: Yes
Type: Arbitrary code execution
A flaw was found in Keycloak: the code base contains usages of ObjectInputStream without type checks. This allows an attacker to inject arbitrary serialized Java objects, which are then deserialized in a privileged context, potentially leading to remote code execution.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1158 | keycloak | 10.0.0-1 | 10.0.1-1 | High | Fixed | FS#66642 |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 16 May 2020 | ASA-202005-8 | AVG-1158 | keycloak | High | arbitrary code execution |