Lucene search
K

10 matches found

OSV
OSV
added 2022/06/29 2:15 p.m.29 views

CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

6.1CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2022/06/29 2:15 p.m.25 views

Authorization

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

5.8CVSS6.4AI score0.15621EPSS
Exploits4References3Affected Software1
0day.today
0day.today
added 2019/06/18 12:0 a.m.318 views

Spring Security OAuth - Open Redirector Vulnerability

Exploit for java platform in category web applications Exploit Title: Open Redirector in spring-security-oauth2 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.4CVSS0.2AI score0.15621EPSS
Exploits4
exploitpack
exploitpack
added 2019/06/17 12:0 a.m.127 views

Spring Security OAuth - Open Redirector

Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.4CVSS0.15621EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.232 views

Spring Security OAuth - Open Redirector

Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.5CVSS5.6AI score0.15621EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2019/03/14 3:39 p.m.6 views

au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1), fm.pattern:tokamak-authorization (=1.0.1) +17 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth2 (>=2.1.0.RELEASE <=2.1.1.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.1.0.RELEASE, =1.1.1, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.9.0, =1.9.0, =1.3.0, =1.3.0, =1.3.4 and more Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GChttps://vulners.c...

6.5CVSS6.5AI score0.15621EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2019/03/14 3:39 p.m.7 views

com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +10 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.14.RELEASE)

org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...

6.5CVSS6.5AI score0.15621EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2019/03/14 3:39 p.m.5 views

am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +537 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=2.0.16.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2019-3778 Source...

6.5CVSS6.5AI score0.15621EPSS
Exploits4
CVE
CVE
added 2019/03/07 7:0 p.m.128 views

CVE-2019-3778

The CVE-2019-3778 entry concerns an open redirect vulnerability in Spring Security OAuth where an attacker can abuse the redirect_uri parameter at the authorization endpoint to redirect a user-agent to an attacker-controlled URI, leaking the authorization code. Affected are older Spring Security ...

6.5CVSS6.4AI score0.15621EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2019/03/07 7:0 p.m.42 views

CVE-2019-3778 Open Redirect in spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5AI score0.15621EPSS
Exploits4References4
Rows per page
Query Builder