Spring Security OAuth vulnerabilities
2 known vulnerabilities affecting spring/spring_security_oauth.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2019-11269 | MEDIUM | CVSS 5.4 | PoC | ≥ 2.2, < v2.2.5.RELEASE; ≥ 2.1, < v2.1.5.RELEASE; +2 more | 2019-06-12
CVE-2019-11269 [MEDIUM] CWE-601
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code gr
Sources: cvelistv5, nvd
CVE-2019-3778 | MEDIUM | CVSS 6.5 | PoC | ≥ 2.3, < 2.3.5.RELEASE; ≥ 2.0, < 2.0.17.RELEASE; +2 more | 2019-03-07
CVE-2019-3778 [MEDIUM] CWE-601 Open Redirect in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated
Sources: cvelistv5