Overview
- Pivotal
- Spring Security OAuth
25 May 2017
Published
06 Aug 2024
Updated
CVSS
Pending
EPSS
79.18%
KEV
Description
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Statistics
- 1 Post
Last activity: 19 hours ago
Fediverse
A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it