Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2021-06-29T16:15:05

Updated: 2024-08-03T18:30:23.943Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-22119

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-29T17:15:08.143

Modified: 2024-11-21T05:49:32.760

Link: CVE-2021-22119

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-06-28T00:00:00Z

Links: CVE-2021-22119 - Bugzilla