Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:pivotal:spring_security_oauth:1.0.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-4977 |
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. Published: May 25, 2017; 1:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |