A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

Affected Packages

Maven org.keycloak:keycloak-services

Affected versions: 0 (fixed in 24.0.9)

Maven org.keycloak:keycloak-services

Affected versions: 25.0.0 (fixed in 26.0.6)

Related CVEs

CVE-2024-10270

Key Information

GHSA ID

GHSA-wq8x-cg39-8mrr

Published

November 25, 2024 6:32 PM

Last Modified

November 25, 2024 6:32 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.keycloak:keycloak-services

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.