CVE-2021-3856

Summary

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.

Affected Software

VendorProductVersion RangeStatus
n/akeycloakFixed in 15.1.0affected

Weaknesses

  • CWE-552: CWE-552 - Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

References