Количество 2
Количество 2
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
GHSA-7q9c-h23x-65fq
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-4977 When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | CVSS3: 8.8 | 94% Критический | больше 8 лет назад |
| GHSA-7q9c-h23x-65fq Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views | CVSS3: 8.8 | 94% Критический | больше 7 лет назад |
Уязвимостей на страницу