Keycloak: Undertow ProxyProtocolReadListener Vulnerability – Data Leakage Risk
by the Hossted team
27.08.2024

A high-severity vulnerability, CVE-2024-7885, was identified in Undertow version 2.3.8-2 as shipped in the Keycloak package. In Undertow, ProxyProtocolReadListener can reuse the same StringBuilder instance across multiple requests, so data belonging to one request can leak into another. The consequences include processing errors, connection failures, and potential exposure of data between connections. No fixed version of undertow is available for Debian:unstable. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2024-7885.
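As an added illustration (not Undertow's code and not written by the Hossted team), the hypothetical reader below shows the bug class described above: a StringBuilder shared across connections keeps the bytes of an interrupted read and prepends them to the next connection's header, whereas a builder created per connection does not. All class and method names, and the sample traffic, are constructed for this example.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical PROXY protocol v1 header reader used to illustrate buffer reuse
// across connections. It is not Undertow's ProxyProtocolReadListener.
public class ProxyHeaderBufferDemo {

    // Appends bytes to sb until a CRLF terminator arrives; returns the header
    // line, or null if the input ended before the terminator was seen.
    static String appendUntilCrlf(StringBuilder sb, byte[] bytes) {
        for (byte b : bytes) {
            sb.append((char) (b & 0xff));
            int n = sb.length();
            if (n >= 2 && sb.charAt(n - 2) == '\r' && sb.charAt(n - 1) == '\n') {
                String header = sb.substring(0, n - 2);
                sb.setLength(0);
                return header;
            }
        }
        return null; // incomplete header: whatever was appended stays in sb
    }

    // Vulnerable pattern: one StringBuilder shared by every connection. When a
    // read ends early, its bytes remain in the buffer for the next caller.
    static final class SharedBufferReader {
        private final StringBuilder buffer = new StringBuilder();
        String readHeader(byte[] bytes) { return appendUntilCrlf(buffer, bytes); }
    }

    // Fixed pattern: a fresh StringBuilder per connection, so nothing carries over.
    static final class PerConnectionReader {
        String readHeader(byte[] bytes) { return appendUntilCrlf(new StringBuilder(), bytes); }
    }

    public static void main(String[] args) {
        // Constructed sample traffic: client 1 disconnects mid-header, then
        // client 2 sends a complete PROXY v1 line on a new connection.
        byte[] truncated = "PROXY TCP4 203.0.113.7 ".getBytes(StandardCharsets.US_ASCII);
        byte[] complete = "PROXY TCP4 198.51.100.9 10.0.0.5 51234 443\r\n"
                .getBytes(StandardCharsets.US_ASCII);

        SharedBufferReader shared = new SharedBufferReader();
        shared.readHeader(truncated); // null, but client 1's bytes stay in the shared buffer
        // Client 2's header now starts with client 1's leftover bytes: cross-request leakage.
        System.out.println("shared buffer : " + shared.readHeader(complete));

        PerConnectionReader perConn = new PerConnectionReader();
        perConn.readHeader(truncated); // null, and the partial buffer is discarded
        System.out.println("per-connection: " + perConn.readHeader(complete));
    }
}
```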