Description

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

Remediation

References

http://www.securityfocus.com/bid/104158

https://access.redhat.com/errata/RHSA-2018:1809

https://access.redhat.com/errata/RHSA-2018:2939

https://pivotal.io/security/cve-2018-1260

Related Vulnerabilities

CVE-2023-25569 Vulnerability in maven package com.ctrip.framework.apollo:apollo

CVE-2019-1003041 Vulnerability in maven package org.jenkins-ci.plugins:groovy

CVE-2020-2163 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2012-0803 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2023-44487 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory