VYPR

Maven package

org.springframework.security/spring-security-oauth2-authorization-server

pkg:maven/org.springframework.security/spring-security-oauth2-authorization-server

Vulnerabilities (1)

  • CVE-2024-22258 | Med | Mar 20, 2024
    affected < 1.1.6 | fixed 1.1.6

    Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorizat