Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-05-11T20:00:00Z

Updated: 2024-09-17T03:44:21.413Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1260

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-11T20:29:00.353

Modified: 2024-11-21T03:59:29.300

Link: CVE-2018-1260

cve-icon Redhat

Severity : Important

Publid Date: 2018-05-09T00:00:00Z

Links: CVE-2018-1260 - Bugzilla