Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1260 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

Description

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

Remediation

References

http://www.securityfocus.com/bid/104158

https://access.redhat.com/errata/RHSA-2018:1809

https://access.redhat.com/errata/RHSA-2018:2939

https://pivotal.io/security/cve-2018-1260

Related Vulnerabilities

CVE-2017-16016 Vulnerability in npm package sanitize-html

CVE-2018-11778 Vulnerability in maven package org.apache.ranger:ranger

CVE-2022-0639 Vulnerability in npm package url-parse

CVE-2019-10427 Vulnerability in maven package org.jenkins-ci.plugins:aqua-microscanner

CVE-2017-20162 Vulnerability in maven package org.webjars.npm:ms

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory