Maven package
org.springframework.security.oauth/spring-security-oauth2
pkg:maven/org.springframework.security.oauth/spring-security-oauth2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22969 | — | — | | >= 2.5.0.RELEASE, < 2.5.2.RELEASE | 2.5.2.RELEASE | Apr 21, 2022 | Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send mul |
| CVE-2019-3778 | — | — | | < 2.0.17.RELEASE | 2.0.17.RELEASE | Mar 7, 2019 | Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craf |
| CVE-2018-15758 | — | — | | >= 2.0.0, < 2.0.16 | 2.0.16 | Oct 18, 2018 | Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to |
| CVE-2018-1260 | — | — | | >= 2.3.0, < 2.3.3 | 2.3.3 | May 11, 2018 | Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endp |
| CVE-2016-4977 | High | 8.8 | | >= 2.0.0, < 2.0.10 | 2.0.10 | May 25, 2017 | When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the valu |