RSS   Podatności dla 'Spring security oauth'   RSS

2018-05-11
 
CVE-2018-1260

CWE-94
 

 
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

 
2017-05-25
 
CVE-2016-4977

 

 
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

 

 >>> Vendor: Pivotal 22 Produkty
Spring framework
Cloud foundry elastic runtime
Operations manager
Rabbitmq
Spring security oauth
Spring web flow
Pcf tile generator
UAA
Elastic runtime
Uaa-release
Cloud foundry
Bosh stemcell
Cf-release
Routing-release
Capi-release
Uaa bosh
Spring-flex
Cloud foundry php buildpack
Tc runtimes
Tc server
Reactor netty
Vmware harbor registry


Copyright 2020, cxsecurity.com

 

Back to Top