Описание
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pivotal:spring_security_oauth:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:spring_security_oauth:2.0.9:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.94093
Критический
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-19
Связанные уязвимости
CVSS3: 8.8
github
больше 7 лет назад
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
EPSS
Процентиль: 100%
0.94093
Критический
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-19