Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VMware Spring Security 安全漏洞
Vulnerability Description
VMware Spring Security是美国威睿(VMware)公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 VMware Spring Security 5.7.5之前的5.7.x版本和5.6.9之前的5.6.x版本存在安全漏洞,该漏洞源于恶意用户或攻击者可以通过浏览器修改客户端向授权服务器发起的请求,这可能导致后续的权限升级。
CVSS Information
N/A
Vulnerability Type
N/A