Security vulnerability CVE-2019-17359 in keycloak-spring-security-adapter 5.0.0, should I worry?

extramedium · May 15, 2020, 1:46pm

Our Nexus IQ Server is flagging up keycloak-spring-security-adapter:5.0.0, because of a transitive dependency on org.bouncycastle:bcprov-jdk15on:1.60 which contains security vulnerability CVE-2019-17359.

Am I exposed to this vulnerability by using the keycloak-spring-security-adapter?

Topic		Replies	Views
Is Spring Security Adapter affected by CVE-2023-20862? Securing applications adapter-java	0	368	May 2, 2023
Keycloak 11 & CVE-2018-5382 bouncycastle. Is BKS-1 enabled? Getting advice	2	775	September 24, 2020
Will the current adapters get deprecated in further keycloak versions . is it true for all adapters including spring security adapter also or only JBoss Wildfly adapters? authentication , identity-brokering , oidc	1	752	May 18, 2022
Does the keycloak-spring-security-adapter version need to match the Keycloak server version? Securing applications adapter-java	0	691	May 26, 2020
CVE-2022-34169 Fixing Vulnerability in Keycloak 15 Securing applications	0	364	October 17, 2022

Security vulnerability CVE-2019-17359 in keycloak-spring-security-adapter 5.0.0, should I worry?

Related topics