Vulnerabilities > Pivotal > Spring Security Oauth

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-22969 <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application.
network
low complexity
pivotal oracle
6.5
6.5
2017-05-25 CVE-2016-4977 Data Processing Errors vulnerability in Pivotal Spring Security Oauth
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
network
low complexity
pivotal CWE-19
8.8
8.8