CVE-2020-1714 log

Source
Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
A flaw was found in Keycloak: the code base contains uses of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrary serialized Java objects, which are then deserialized in a privileged context and can lead to remote code execution.
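As an added illustration (not Keycloak's code and not the fix from the referenced pull request), the unchecked ObjectInputStream pattern the description refers to, beside a hardened version that enforces a class allowlist with an ObjectInputFilter; the SessionToken type and the sample payloads are constructed for the example:

```java
import java.io.*;

public final class DeserializationExample {

    // Constructed sample type standing in for an application object.
    static final class SessionToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        SessionToken(String user) { this.user = user; }
    }

    // Vulnerable pattern: readObject() instantiates whatever class the
    // stream names, so the bytes, not the caller, choose the type.
    static Object readUnchecked(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern (Java 9+): an allowlist filter rejects every class the
    // caller did not expect, and caps graph depth/size, before any class
    // outside the allowlist can be resolved or instantiated.
    static <T> T readChecked(byte[] data, Class<T> expected) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxrefs=64;" + expected.getName() + ";java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter);
            return expected.cast(in.readObject());
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new SessionToken("alice"));
        byte[] unexpected = serialize(new java.util.ArrayList<>(java.util.List.of("x")));

        System.out.println("unchecked accepts: " + readUnchecked(unexpected).getClass().getName());
        System.out.println("checked accepts:   " + readChecked(expected, SessionToken.class).user);
        try {
            readChecked(unexpected, SessionToken.class);
        } catch (InvalidClassException e) {
            System.out.println("checked rejects:   " + e.getMessage());
        }
    }
}
```

On Java 8, where ObjectInputFilter is unavailable, the same check can be enforced by overriding ObjectInputStream.resolveClass and throwing InvalidClassException for any class name outside the allowlist.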
Group     Package   Affected  Fixed     Severity  Status  Ticket
AVG-1158  keycloak  10.0.0-1  10.0.1-1  High      Fixed   FS#66642
Date         Advisory      Group     Package   Severity  Type
16 May 2020  ASA-202005-8  AVG-1158  keycloak  High      arbitrary code execution
References
https://github.com/keycloak/keycloak/pull/7053
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714