GHSA-7q9c-h23x-65fq

Suggest an improvement
Source
https://github.com/advisories/GHSA-7q9c-h23x-65fq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-7q9c-h23x-65fq/GHSA-7q9c-h23x-65fq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7q9c-h23x-65fq
Aliases
Published
2018-10-18T18:06:22Z
Modified
2024-11-28T05:34:53.101139Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
Details

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype.

Database specific 
{
    "nvd_published_at": null,
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2020-06-16T21:23:16Z",
    "severity": "HIGH"
}
References

Affected packages

Maven

org.springframework.security.oauth:spring-security-oauth2

Package

Name
org.springframework.security.oauth:spring-security-oauth2
View open source insights on deps.dev
Purl
pkg:maven/org.springframework.security.oauth/spring-security-oauth2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.10

Affected versions

2.*

2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.0.6.RELEASE
2.0.7.RELEASE
2.0.8.RELEASE
2.0.9.RELEASE

org.springframework.security.oauth:spring-security-oauth2

Package

Name
org.springframework.security.oauth:spring-security-oauth2
View open source insights on deps.dev
Purl
pkg:maven/org.springframework.security.oauth/spring-security-oauth2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.5

Affected versions

1.*

1.0.0.RELEASE
1.0.1.RELEASE
1.0.2.RELEASE
1.0.3.RELEASE
1.0.4.RELEASE