CVE-2021-27582
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-27582
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27582.json
- Aliases
- Published
- 2021-02-23T18:15:14Z
- Modified
- 2023-11-29T08:20:01.233662Z
- Details
-
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.
- References
Affected packages
Git / github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
- Events
- Type
- GIT
- Repo
- https://github.com/mitreid-connect/openid-connect-java-spring-server
- Events
-
Introduced0The exact introduced commit is unknownLast affected
Affected versions
Other
M-1
M-2
M-3
M2-pre-data-model-changes
iss294-start
iss294-0.*
iss294-0.9
mitreid-connect-0.*
mitreid-connect-0.9.0
mitreid-connect-0.9.1
mitreid-connect-0.9.2
mitreid-connect-0.9.3
mitreid-connect-1.*
mitreid-connect-1.0.0
mitreid-connect-1.0.1
mitreid-connect-1.0.2
mitreid-connect-1.0.3
mitreid-connect-1.0.4
mitreid-connect-1.0.5
mitreid-connect-1.0.6
mitreid-connect-1.1.0
mitreid-connect-1.1.1
mitreid-connect-1.1.2
mitreid-connect-1.1.3
mitreid-connect-1.1.4
mitreid-connect-1.1.5
mitreid-connect-1.1.6
mitreid-connect-1.1.7
mitreid-connect-1.1.8
mitreid-connect-1.1.9
mitreid-connect-1.2.0
mitreid-connect-1.2.0-RC1
mitreid-connect-1.2.0-RC2
mitreid-connect-1.2.1
mitreid-connect-1.2.2
mitreid-connect-1.2.3
mitreid-connect-1.2.4
mitreid-connect-1.2.5
mitreid-connect-1.2.6
mitreid-connect-1.3.0
mitreid-connect-1.3.0-RC1
mitreid-connect-1.3.0-RC2
mitreid-connect-1.3.1
mitreid-connect-1.3.2
mitreid-connect-1.3.3