Lucene search
+L

45 matches found

vulnersosv
vulnersosv
added 2021/07/02 6:33 p.m.7 views

com.azure.spring:azure-spring-boot-starter-active-directory-b2c (=3.6.0), com.okta.idx.sdk:okta-idx-java-embedded-sign-in-widget (>=0.1.0-beta.8 <=1.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.5.0)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
nvd
nvd
added 2019/08/19 4:15 a.m.25 views

CVE-2019-15150

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...

8.8CVSS8.6AI score0.01164EPSS
Exploits0References6
cvelist
cvelist
added 2019/08/19 3:41 a.m.30 views

CVE-2019-15150

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...

8.7AI score0.01164EPSS
Exploits0References6
vulnersosv
vulnersosv
added 2018/10/19 10:0 p.m.5 views

br.com.anteros:Anteros-Keycloak (=1.0.0), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +57 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =4.0.1 - com.ge.research.semtk:springSecurityLibrary =2.2.2 -...

9.6CVSS7.2AI score0.02153EPSS
Exploits0
drupal
drupal
added 2016/08/10 12:0 a.m.14 views

OAuth2 Client- Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2016-044

This module provides an OAuth2 client. The module does not check the validity of the state parameter, during server-side flow, before getting a token. This may allow a malicious user to feed a fake accesstoken to another user, and subsequently provide him fake data from the server. This page...

7AI score
Exploits0References13
Rows per page
Query Builder