An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Keycloak | Redhat | 18.0.0 (including) | 18.0.0 (including) |
Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |