Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MITREid Connect 安全漏洞
Vulnerability Description
Michael Stepankin OpenID-Connect-Java-Spring-Server是GlobalMichael Stepankin开源的一个应用系统提供OpenID Connect身份提供程序以及通用OAuth 2.0授权服务器 MITREid Connect through 1.3.3 存在安全漏洞,该漏洞源于在OAuth授权流期间不安全地使用@ModelAttribute注释导致的,其中HTTP请求参数会影响authorizationRequest。
CVSS Information
N/A
Vulnerability Type
N/A