Red Hat · Keycloak · CVE-2020-1714
**Name of the Vulnerable Software and Affected Versions**
Keycloak versions prior to 11.0.0
**Description**
A flaw was found in the code base where usages of ObjectInputStream are without type checks. This allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
**Recommendations**
For versions prior to 11.0.0, update to version 11.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ObjectInputStream usage to minimize the risk of exploitation.