Sourav Kumar

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially sensitive information. Specifically, when a service account with the create-client or manage-clients role uses the client-registration endpoints to create or manage clients with an access token, and if the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration endpoints, such as "/api/v1/client-registration". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** js-data versions prior to the fixed version **Description** The issue concerns Prototype Pollution via the `deepFillIn` and the `set` functions. This is related to an incomplete fix of a previous issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.