keycloak-connect contains Open redirect vulnerability in the Node.js adapter