CVE-2018-1260

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1260

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1260.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1260

Aliases

GHSA-rrpm-pj7p-7j9q

Published

2018-05-11T20:29:00.353Z

Modified

2026-02-13T01:27:52.094618Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

References

Affected packages

Git / github.com/spring-projects/spring-security-oauth

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-security-oauth
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

599e24db47d6b40eaa8af72dfda5e2b439b0ddfa

Introduced

220183d8cf56860cddae2def4efdb1a552b60d69

Last affected

0d9036078cfb672726cf64f9c1e26845b9bb4e19

Introduced

4701c737204017ddfed2e18069de9d77191a6813

Last affected

ffd9d4b90fbb2e3601601c3674260df99fb65f98

Introduced

f0b82d84dbd02d98a4e313d9357906b053ca4b18

Last affected

97e39dde7e88aae802be98de084a382886ca4255

Affected versions

2.*

2.1.0.RELEASE

2.1.1.RELEASE

jwt1.*

jwt1.0.8.RELEASE

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1260.json"