GHSA-rrpm-pj7p-7j9q

GitHub Security Advisory

Spring Security OAuth vulnerable to remote code execution (RCE)

GitHub Reviewed | Severity: CRITICAL | Has CVE

Advisory Details

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

Affected Packages

All entries are for the Maven package org.springframework.security.oauth:spring-security-oauth2:

- >= 2.3.0, < 2.3.3 (fixed in 2.3.3)
- >= 2.2.0, < 2.2.2 (fixed in 2.2.2)
- >= 2.1.0, < 2.1.2 (fixed in 2.1.2)
- >= 2.0.0, < 2.0.15 (fixed in 2.0.15)
- >= 1.0.0, <= 1.0.5 (last affected: 1.0.5; no fixed version listed for this branch)
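The ranges above are the actionable part of this advisory for a defender: the practical question is whether a build pulls in an affected version of spring-security-oauth2. The script below is an added example, not code from the advisory or from the Spring project. It encodes the advisory's ranges, parses Spring-style version strings such as 2.3.2.RELEASE, and scans dependency lines in the shape that `mvn dependency:tree` prints (group:artifact:type:version:scope). The sample tree lines are constructed input, not output from any real project.

```python
"""Flag affected versions of spring-security-oauth2 per GHSA-rrpm-pj7p-7j9q.

Added example (not part of the advisory or of Spring Security OAuth).
The affected ranges are copied from the advisory; the sample dependency
lines below are constructed to look like `mvn dependency:tree` output.
"""
import re
from typing import Iterable, List, Tuple

PACKAGE = "org.springframework.security.oauth:spring-security-oauth2"

# (introduced, fixed) pairs from the advisory: affected if introduced <= v < fixed.
AFFECTED_RANGES = [
    ("2.3.0", "2.3.3"),
    ("2.2.0", "2.2.2"),
    ("2.1.0", "2.1.2"),
    ("2.0.0", "2.0.15"),
]
# The 1.x branch lists only a "last affected" version, so it is a closed range.
LAST_AFFECTED_1X = ("1.0.0", "1.0.5")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.2.RELEASE' or '2.0.15' into a comparable tuple of ints.

    Non-numeric qualifiers (RELEASE, BUILD-SNAPSHOT, ...) are dropped and
    missing components compare as 0, so '2.3' equals '2.3.0'.
    """
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True if `version` falls inside any range the advisory lists."""
    pv = parse_version(version)
    for introduced, fixed in AFFECTED_RANGES:
        if parse_version(introduced) <= pv < parse_version(fixed):
            return True
    lo, hi = LAST_AFFECTED_1X
    return parse_version(lo) <= pv <= parse_version(hi)


# group:artifact:type:version (scope and tree prefixes are ignored).
DEP_LINE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>\w+):(?P<version>[\w.\-]+)"
)


def find_vulnerable(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (coordinate, version) for every affected spring-security-oauth2 line."""
    hits = []
    for line in lines:
        m = DEP_LINE.search(line)
        if not m:
            continue
        coord = f"{m['group']}:{m['artifact']}"
        if coord == PACKAGE and is_affected(m["version"]):
            hits.append((coord, m["version"]))
    return hits


# Constructed sample in the shape of `mvn dependency:tree` output.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:1.0-SNAPSHOT
[INFO] +- org.springframework.security.oauth:spring-security-oauth2:jar:2.3.2.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-core:jar:5.0.5.RELEASE:compile
[INFO] \\- com.fasterxml.jackson.core:jackson-databind:jar:2.9.5:compile
"""

if __name__ == "__main__":
    for coord, version in find_vulnerable(SAMPLE_TREE.splitlines()):
        print(f"AFFECTED: {coord}:{version} (see GHSA-rrpm-pj7p-7j9q)")
```

To use it on a real build, pipe `mvn dependency:tree` output into `find_vulnerable`; the comparison deliberately ignores qualifiers such as RELEASE, so 2.3.2.RELEASE is treated as 2.3.2 and is flagged, while 2.3.3.RELEASE is not.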

Key Information

GHSA ID: GHSA-rrpm-pj7p-7j9q
Published: October 18, 2018 6:05 PM
Last Modified: May 14, 2024 5:55 PM
CVSS Score: 9.0 / 10
Primary Ecosystem: Maven
Primary Package: org.springframework.security.oauth:spring-security-oauth2
GitHub Reviewed: Yes

Dataset last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.