You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2024-29857 - Allocation of Resources Without Limits or Throttling in org.bouncycastle:bcprov-jdk18on
org.bouncycastle:bcprov-jdk18on
Introduced through: org.keycloak:keycloak-operator@999.0.0-SNAPSHOT › org.bouncycastle:bcprov-jdk18on@1.77
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the solveQuadraticEquation() function used for certificate verification in ECCurve.java. Passing a large f2m parameter can cause excessive CPU consumption.
Remediation
Upgrade org.bouncycastle:bcprov-jdk18on to version 1.78 or higher.
CVE-2024-29857 - Allocation of Resources Without Limits or Throttling in org.bouncycastle:bcprov-jdk18on
org.bouncycastle:bcprov-jdk18on
Introduced through: org.keycloak:keycloak-operator@999.0.0-SNAPSHOT › org.bouncycastle:bcprov-jdk18on@1.77
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the
solveQuadraticEquation()
function used for certificate verification inECCurve.java
. Passing a large f2m parameter can cause excessive CPU consumption.Remediation
Upgrade
org.bouncycastle:bcprov-jdk18on
to version 1.78 or higher.References
The text was updated successfully, but these errors were encountered: