/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-7q9x-5jxh-8vw6

Published

Last updated

https://images.chainguard.dev/security/CGA-7q9x-5jxh-8vw6
Package

keycloak

RepositoryWolfi
Latest Update
Fixed
Fixed Version

26.1.4-r0

Aliases
  • CVE-2023-4586
  • GHSA-57m8-f3v5-hm5m

Severity

7.4

High

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-4586
  • https://github.com/advisories/GHSA-57m8-f3v5-hm5m

Updates

Status

Fixed

Fixed version

26.1.4-r0

Status

Affected

Impact

This CVE exists in the latest release (v4) of netty-handler, which has yet to receive a patch. There is discussion this would be mitigated in an upcoming v5 of netty, but this is yet to be released and there is no ETA. netty-handler is a dependency of Quarkus, which is used by Keycloak. For more detail: https://github.com/netty/netty/issues/8537

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal