CVE-2016-4977 – org.springframework.security.oauth:spring-security-oauth2

Package

Manager: maven
Name: org.springframework.security.oauth:spring-security-oauth2
Vulnerable Version: >=2.0.0 <2.0.10 || >=1.0.0 <1.0.5

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.94093 pctl0.99899

Details

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Metadata

Created: 2018-10-18T18:06:22Z
Modified: 2024-05-14T17:39:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-7q9c-h23x-65fq/GHSA-7q9c-h23x-65fq.json
CWE IDs: []
Alternative ID: GHSA-7q9c-h23x-65fq
Finding: F422
Auto approve: 1