GHSA-7q9c-h23x-65fq

GitHub Security Advisory

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring SpEL expression. A malicious user could therefore achieve remote code execution by crafting the response_type value.

Affected Packages

Maven org.springframework.security.oauth:spring-security-oauth2
Affected versions: 2.0.0 (fixed in 2.0.10)
Maven org.springframework.security.oauth:spring-security-oauth2
Affected versions: 1.0.0 (fixed in 1.0.5)

Related CVEs

Key Information

GHSA ID
GHSA-7q9c-h23x-65fq
Published
October 18, 2018 6:06 PM
Last Modified
May 14, 2024 5:39 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.springframework.security.oauth:spring-security-oauth2
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 7, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.