Red Hat · Keycloak · CVE-2026-4634
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)
Description
A flaw exists in Keycloak where an unauthenticated attacker can cause a Denial of Service (DoS) by sending a crafted POST request to the OpenID Connect (OIDC) token endpoint. The crafted request carries an excessively long `scope` parameter; processing it consumes a large amount of server resources and takes a prolonged time, degrading availability of the token endpoint.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.