Back to search
CVE-2018-1260
Published: May 11, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
| Vendor | Product | Versions |
|---|---|---|
Pivotal | Spring Security OAuth | affected 2.3 prior to 2.3.3; 2.2 prior to 2.2.2; 2.1 prior to 2.1.2; 2.0 prior to 2.0.15 |
References
RHSA-2018:1809
vendor-advisory
x_refsource_REDHAT
https://pivotal.io/security/cve-2018-1260
x_refsource_CONFIRM
RHSA-2018:2939
vendor-advisory
x_refsource_REDHAT
104158
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now