CVE-2018-1260
CRITICAL9.8EPSS 52.3%Spring Security OAuth vulnerable to remote code execution (RCE)
發布日:2018/10/18修改日:2024/5/14
描述
Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
受影響套件(1)
- Maven/org.springframework.security.oauth:spring-security-oauth2>= 2.3.0, < 2.3.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(7)
- ADVISORYhttps://github.com/advisories/GHSA-rrpm-pj7p-7j9q
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1260
- PATCHhttps://github.com/spring-attic/spring-security-oauth
- WEBhttps://access.redhat.com/errata/RHSA-2018:1809
- WEBhttps://access.redhat.com/errata/RHSA-2018:2939
- WEBhttps://pivotal.io/security/cve-2018-1260
- WEBhttps://web.archive.org/web/20200227123539/http://www.securityfocus.com/bid/104158