WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1260 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

Description

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

Remediation

References

https://pivotal.io/security/cve-2018-1260

http://www.securityfocus.com/bid/104158

https://access.redhat.com/errata/RHSA-2018:1809

https://access.redhat.com/errata/RHSA-2018:2939

Related Vulnerabilities

CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin

CVE-2012-5883 Vulnerability in maven package org.webjars:yui

CVE-2022-36916 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

CVE-2022-29822 Vulnerability in npm package feathers-sequelize

CVE-2019-1003050 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Third Party Advisory VDB Entry