VYPR

Maven package

org.springframework.security/spring-security-oauth2-client

pkg:maven/org.springframework.security/spring-security-oauth2-client

Vulnerabilities (2)

  • CVE-2022-31690HigOct 31, 2022
    affected >= 5.7.0, < 5.7.5fixed 5.7.5

    Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authori

  • CVE-2021-22119HigJun 29, 2021
    affected >= 5.5.0, < 5.5.1fixed 5.5.1

    Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious