QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-27582

Back to search

CVE-2021-27582

Published: Feb 23, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.

VendorProductVersions

n/a

n/a

affected
n/a

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now