It was found that the User-Managed Access (UMA) interface in Keycloak would permit a script to be set in the UMA policy. An authenticated attacker with UMA permissions could configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application.
Acknowledgments: Bart Toersche (Simacan)