Spring Security Oauth
cpe:2.3:a:pivotal:spring_security_oauth:*:*:*:*:*:*:*:*
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Part | a |
| Version | * |
| Update | * |
| Product | Spring Security Oauth (e4de7e10-5172-5766-9256-90f81aebef2f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/spring-projects/spring-security-oauth | purl2cpe | 2026-06-01 10:13:44.527592 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-22969 | vulnerable | 2026-06-03 14:46:25.891980 | Details available. Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only. Published: 2022-04-21T18:16:02.000Z. Updated: 2024-08-03T03:28:42.679Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-1260 | vulnerable | 2026-06-03 14:38:30.705109 | Details available. Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. Published: 2018-05-11T20:00:00.000Z. Updated: 2024-09-17T03:44:21.413Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-15758 | vulnerable | 2026-06-03 14:38:19.383844 | Privilege Escalation in spring-security-oauth2. CRITICAL (9.6). Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). Published: 2018-10-18T22:00:00.000Z. Updated: 2024-09-17T01:16:40.202Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4977 | vulnerable | 2026-06-03 14:35:54.016450 | Details available. When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. Published: 2017-05-25T17:00:00.000Z. Updated: 2024-08-06T00:46:39.945Z | Imported from gcve-enriched-dumps CVE data |