org.springframework.security.oauth:spring-security-oauth2
Maven | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework.security.oauth:spring-security-oauth2
- CVE-2016-4977 | HIGH | CVSS 8.8 | EG 9.0 | ✓ Fixed in 1.0.5 | 2017-05-25
vulnerable: 1.0.0.RELEASE, 1.0.1.RELEASE, 1.0.2.RELEASE, 1.0.3.RELEASE, 1.0.4.RELEASE
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote co…
- CVE-2018-1260 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-05-11
vulnerable: 1.0.0.RELEASE ... 1.0.5.RELEASE (6 versions)
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an author…
- CVE-2018-15758 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 2.3.4.RELEASE | 2018-10-18
vulnerable: 2.3.0.RELEASE, 2.3.1.RELEASE, 2.3.2.RELEASE, 2.3.3.RELEASE
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A maliciou…
- CVE-2019-3778 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.3.5.RELEASE | 2019-03-07
vulnerable: 2.3.0.RELEASE, 2.3.1.RELEASE, 2.3.2.RELEASE, 2.3.3.RELEASE, 2.3.4.RELEASE
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization co…
- CVE-2022-22969 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.4.2.RELEASE | 2022-04-21
vulnerable: 2.4.0.RELEASE, 2.4.1.RELEASE
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. …