Arbitrary Code Execution Affecting org.springframework.security.oauth:spring-security-oauth2 package, versions [1.0.0.RELEASE,2.0.10.RELEASE)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-31345
- published 4 Jul 2016
- disclosed 4 Jul 2016
- credit David Vieira-Kurz
How to fix?
Upgrade org.springframework.security.oauth:spring-security-oauth2
to version 2.0.10.RELEASE or higher.
Overview
org.springframework.security.oauth:spring-security-oauth2 is a package that provides support for using Spring Security with OAuth (1a) and OAuth2.
Affected versions of this package are vulnerable to Arbitrary Code Execution. When processing authorization requests using the whitelabel views, the response_type
parameter value was executed as Spring SpEL
which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type
.