You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and as such will receive the exact same CPE from NIST NVD
We don't do submodule attribution for vulnerabilities listed in the NVD. If you'd like to have submodule attribution of CVEs you would have to resort to licensed SCA vulnerability scanners that have the means to build and maintain their own database of vulnerabilities versus libraries or accept the occasional false-positive because your used lib is a non-vulnerable subcomponent of a project that has vulnerabilities in the same version of some other component.
Package URl
pkg:maven/org.keycloak/keycloak-ldap-federation@6.0.1
CPE
cpe:2.3:a:keycloak:keycloak:6.0.1:::::::, cpe:2.3:a:redhat:keycloak:6.0.1:::::::
CVE
CVE-2021-3632
ODC Integration
None
ODC Version
9.1.0
Description
Actual vulnerable component in Keycloak services
The text was updated successfully, but these errors were encountered: