Description
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Remediation
References
https://issues.jboss.org/browse/KEYCLOAK-699
https://bugzilla.redhat.com/show_bug.cgi?id=1144278
Related Vulnerabilities
CVE-2023-27474 Vulnerability in npm package directus
CVE-2019-19771 Vulnerability in npm package bitconi-ops
CVE-2019-14653 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2020-26272 Vulnerability in npm package electron
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl