Pivotal Spring Security OAuth 2.0.2
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal:spring_security_oauth:2.0.2:*:*:*:*:*:*:*
part: a version: 2.0.2 update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Spring Security Oauth (e4de7e10-5172-5766-9256-90f81aebef2f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/spring-projects/spring-security-oauth |
purl2cpe | 2026-06-01 10:13:44.527605 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-4977 |
vulnerable | 2026-06-03 14:35:54.021074 |
Details available
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Published: 2017-05-25T17:00:00.000Z
Updated: 2024-08-06T00:46:39.945Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.