RSS   Podatności dla 'Spring security oauth'   RSS

2018-05-11
 
CVE-2018-1260

CWE-94
 

 
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

 
2017-05-25
 
CVE-2016-4977

 

 
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

 

 >>> Vendor: Pivotal 22 Produkty
Tc server
Operations manager
Spring framework
Rabbitmq
Cloud foundry elastic runtime
Cloud foundry
Cf-release
Capi-release
Bosh stemcell
Spring security oauth
Routing-release
Spring web flow
Pcf tile generator
UAA
Elastic runtime
Uaa-release
Uaa bosh
Spring-flex
Cloud foundry php buildpack
Tc runtimes
Reactor netty
Vmware harbor registry


Copyright 2024, cxsecurity.com

 

Back to Top