Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirector in spring-security-oauth2
Vulnerability Description
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Pivotal Software Spring Security OAuth 输入验证错误漏洞
Vulnerability Description
Pivotal Software Spring Security OAuth是美国Pivotal Software公司的一款为SpringWeb应用程序添加OAuth1和OAuth2功能提供支持的登录系统。 Pivotal Software Spring Security Oauth中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响:Pivotal Software Spring Security Oauth 2.3版本至2.3.5版本,2.2版本至2.2
CVSS Information
N/A
Vulnerability Type
N/A