A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-05-13T18:25:56

Updated: 2024-08-04T06:46:30.830Z

Reserved: 2019-11-27T00:00:00

Link: CVE-2020-1714

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2020-05-13T19:15:11.987

Modified: 2021-10-19T14:15:07.277

Link: CVE-2020-1714

Redhat

Severity: Important

Public Date: 2020-05-11T00:00:00Z

Links: CVE-2020-1714 - Bugzilla