CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
| Software | From | Fixed in |
|---|---|---|
| pivotal_software / spring_security_oauth | 2.3 | 2.3.2.x |
| pivotal_software / spring_security_oauth | 2.2 | 2.2.1.x |
| pivotal_software / spring_security_oauth | 2.1 | 2.1.1.x |
| pivotal_software / spring_security_oauth | - | 2.0.14.x |
org.springframework.security.oauth / spring-security-oauth2
|
2.3.0 | 2.3.3 |
|
org.springframework.security.oauth / spring-security-oauth2
|
2.2.0 | 2.2.2 |
|
org.springframework.security.oauth / spring-security-oauth2
|
2.1.0 | 2.1.2 |
|
org.springframework.security.oauth / spring-security-oauth2
|
2.0.0 | 2.0.15 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime