
1189 matches found

vulnersOsv
added 2018/10/18 6:6 p.m., 4 views

org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2016-4977 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2016-4977 Source advisory: OSV:GHSA-7Q9C-H23X-65FQ...

CVSS 8.8 | AI score 7.2 | EPSS 0.93658
Exploits: 1

vulnersOsv
added 2018/10/18 6:5 p.m., 2 views

am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +509 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.0.0.RELEASE <=2.0.14.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2018-1260 Source...

CVSS 9.8 | AI score 7.2 | EPSS 0.50333
Exploits: 2

OSV
added 2018/10/18 6:5 p.m., 26 views

GHSA-RRPM-PJ7P-7J9Q Spring Security OAuth vulnerable to remote code execution (RCE)

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...

CVSS 9.8 | AI score 9.6 | EPSS 0.50333
Exploits: 2 | References: 7

Github Security Blog
added 2018/10/18 6:5 p.m., 42 views

Spring Security OAuth vulnerable to remote code execution (RCE)

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...

CVSS 9.8 | AI score 9.6 | EPSS 0.50333
Exploits: 2 | References: 6 | Affected Software: 1

vulnersOsv
added 2018/10/18 6:5 p.m., 2 views

br.com.anteros:Anteros-Keycloak (=1.0.0), com.blossom-project:blossom-starter-ui-api (>=1.0.0 <=1.1.1) +47 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.1.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =1.0.6, =1.0.0, =0.7.4, =0.7.8 - com.vmware.card-connectors:airwatch-connector =2.1 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...

CVSS 9.8 | AI score 7.2 | EPSS 0.50333
Exploits: 2

vulnersOsv
added 2018/10/18 6:5 p.m., 2 views

org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...

CVSS 9.8 | AI score 7.2 | EPSS 0.50333
Exploits: 2

vulnersOsv
added 2018/10/18 6:5 p.m., 4 views

au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1), fm.pattern:tokamak-authorization (=1.0.1) +17 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.1.0.RELEASE <=2.1.1.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.1.0.RELEASE, =1.1.1, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.9.0, =1.9.0, =1.3.0, =1.3.0, =1.3.4 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q https://vulners.c...

CVSS 9.8 | AI score 7.2 | EPSS 0.50333
Exploits: 2

vulnersOsv
added 2018/10/18 4:56 p.m., 1 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.4.3), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.4.3) +6 more potentially affected by CVE-2018-8038 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.4.3)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.4.3 Source cves: CVE-2018-8038 Source advisory: OSV:GHSA-W3GH-G32M-CVHR...

CVSS 7.5 | AI score 7 | EPSS 0.50435
Exploits: 0

vulnersOsv
added 2018/10/17 8:30 p.m., 4 views

ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2039 more potentially affected by CVE-2016-5007 via org.springframework.security:spring-security-core (>=2.0.0 <=4.1.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.1.0.RELEASE, =1.3.1-RELEASE, =0.3.3, =1.2.1, =2.0.0, =1.0.0, =1.0.0, =0.0.2, =0.4.0, =0.3.0, =0.7.0 - com.17jee:e-cloud-authorize =3.0.0.RELEASE and more Source cves: CVE-2016-5007 Source advisory:...

CVSS 7.5 | AI score 7.1 | EPSS 0.00155
Exploits: 0

Github Security Blog
added 2018/10/17 8:30 p.m., 36 views

Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

CVSS 7.5 | AI score 3.4 | EPSS 0.00155
Exploits: 0 | References: 9 | Affected Software: 2

OSV
added 2018/10/17 8:30 p.m., 28 views

GHSA-8CRV-49FR-2H6J Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

CVSS 7.5 | AI score 7.5 | EPSS 0.00155
Exploits: 0 | References: 9

OSV
added 2018/10/17 8:5 p.m., 31 views

GHSA-CXRJ-66C5-9FMH Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

CVSS 8.8 | AI score 9.1 | EPSS 0.00292
Exploits: 0 | References: 20

Github Security Blog
added 2018/10/17 8:5 p.m., 70 views

Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

CVSS 8.8 | AI score 3.6 | EPSS 0.00292
Exploits: 0 | References: 19 | Affected Software: 1

vulnersOsv
added 2018/10/17 8:1 p.m., 5 views

am.ik.home:uaa-client (>=1.0.0 <=1.2.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.2.0) +690 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.1.0.RELEASE <=4.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.1.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.0.7.OSS, =1.0.7.OSS, =3.0.1.3, =3.0.0, =3.0.1.2, =3.0.1.11 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...

CVSS 5.3 | AI score 6.7 | EPSS 0.00846
Exploits: 0

Github Security Blog
added 2018/10/17 8:1 p.m., 42 views

Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 5.3 | AI score 1.6 | EPSS 0.00846
Exploits: 0 | References: 14 | Affected Software: 2

vulnersOsv
added 2018/10/17 8:1 p.m., 1 views

am.ik.home:uaa-client (>=1.3.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.3.0 <=1.9.0) +1654 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.3.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =1.1.1, =1.12.0 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...

CVSS 5.3 | AI score 6.6 | EPSS 0.00846
Exploits: 0

OSV
added 2018/10/17 8:1 p.m., 40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 5.3 | AI score 5.3 | EPSS 0.00846
Exploits: 0 | References: 14

vulnersOsv
added 2018/10/17 8:1 p.m., 4 views

ch.rasc:wamp2spring-security (=1.0.0), com.github.henkexbg:gallery-api (=0.3.0) +58 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (=5.0.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - ch.rasc:wamp2spring-security =1.0.0 -...

CVSS 5.3 | AI score 6.7 | EPSS 0.00846
Exploits: 0

RedHat Linux
added 2018/10/17 7:28 p.m., 2 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

CVSS 9.8 | AI score 8 | EPSS 0.50333
Exploits: 2 | References: 4

vulnersOsv
added 2018/10/16 11:12 p.m., 4 views

org.apache.camel:camel-atmosphere-websocket (=2.16.0), org.apache.camel:camel-example-cxf-tomcat (=2.16.0) +8 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-servlet (=2.16.0)

org.apache.camel:camel-servlet MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-servlet and may be impacted: - org.apache.camel:camel-atmosphere-websocket =2.16.0 - org.apache.camel:camel-example-cxf-tomcat...

CVSS 8.1 | AI score 7.2 | EPSS 0.06832
Exploits: 0