Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWMtaDIzeC02NWZx

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring SpEL expression, which allowed a malicious user to trigger remote code execution by crafting the response_type value.

Permalink: https://github.com/advisories/GHSA-7q9c-h23x-65fq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWMtaDIzeC02NWZx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: 7 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-7q9c-h23x-65fq, CVE-2016-4977
References:
Blast Radius: 34.9

Affected Packages

maven:org.springframework.security.oauth:spring-security-oauth2
Dependent packages: 461
Dependent repositories: 9,309
Downloads:
Affected Version Ranges: >= 1.0.0, < 1.0.5; >= 2.0.0, < 2.0.10
Fixed in: 1.0.5, 2.0.10
All affected versions:
All unaffected versions: