漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Red Hat Keycloak 输入验证错误漏洞
Vulnerability Description
Red Hat Keycloak是美国红帽(Red Hat)公司的一套为现代应用和服务提供身份验证和管理功能的软件。 Red Hat Keycloak 11.0.0之前版本中的ObjectInputStream存在输入验证错误漏洞,该漏洞源于程序没有进行类型检查。远程攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A