CVE-2021-3856
published 2022-08-26CVE-2021-3856: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 15.1.0 | 15.1.0 |
| redhat | keycloak | — | — |