3 matches found
org.hspconsortium.reference:hspc-reference-auth-server-webapp (>=0.11 <=1.15.3), org.hspconsortium:hsp-authorization-server (=0.8) +1 more potentially affected by CVE-2021-27582 via org.mitre:openid-connect-parent (>=1.2.0 <=1.3.1)
org.mitre:openid-connect-parent MAVEN version =1.2.0, =0.11, =1.15.3 - org.hspconsortium:hsp-authorization-server =0.8 - org.hspconsortium:hsp-reference-authorization =0.8 Source cves: CVE-2021-27582 Source advisory: OSV:GHSA-8P36-Q63G-68QH...
CVE-2021-27582
creationtimestamp| type| source ---|---|--- 2021-02-23 20:35:17+00:00| seen| https://t.me/cibsecurity/24001 2021-03-25 07:21:24+00:00| published-proof-of-concept| https://t.me/ptswarm/15...
CVE-2021-27582
MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...