CVE-2024-10270

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 25, 2024
CWE ID 1333

Summary

CVE-2024-10270 is a newly discovered vulnerability affecting the Keycloak-services package. The issue arises when the SearchQueryUtils method processes untrusted data. The complexity of the regex pattern used to process this data can consume system resources and result in a denial of service (DoS), with potential performance degradation or even a crash. To mitigate this risk, apply the latest security patch or update for the Keycloak-services package and carefully validate all user input before it is processed by the SearchQueryUtils method.
