Use of Hard-coded Constants
Affecting org.keycloak:keycloak-services artifact, versions [,8.0.0)Report new vulnerabilities
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.
Affected versions of this package are vulnerable to Use of Hard-coded Constants. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'email@example.com'.
org.keycloak:keycloak-services to version 8.0.0 or higher.