Description
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1144278
https://issues.jboss.org/browse/KEYCLOAK-699
Related Vulnerabilities
CVE-2022-31197 Vulnerability in maven package org.postgresql:postgresql
CVE-2020-11023 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2021-39149 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-21169 Vulnerability in npm package express-xss-sanitizer