Vulnerabilities

CVE-2016-4977

by Fred · 25/05/2017

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Date published : 2017-05-25

https://pivotal.io/security/cve-2016-4977

https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc3714196af3b17893f2@%3Cannounce.apache.org%3E

Similar

Tags: Cybersecurity Alert