CVE-2018-1260

Summary

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

Affected Software

VendorProductVersion RangeStatus
PivotalSpring Security OAuth2.3 prior to 2.3.3; 2.2 prior to 2.2.2; 2.1 prior to 2.1.2; 2.0 prior to 2.0.15affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References