4 matches found
ROOT-APP-MAVEN-CVE-2026-22748 CVE-2026-22748 in io.root.org.springframework.security:spring-security-oauth2-jose - Patched by Root
Root has patched CVE-2026-22748 in the io.root.org.springframework.security:spring-security-oauth2-jose package for Root:Maven. Multiple fixed versions available...
Insufficient Verification of Data Authenticity
Overview org.springframework.security:spring-security-oauth2-jose is a provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +309 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=7.0.0-M1 <=7.0.4)
org.springframework.security:spring-security-oauth2-jose MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +998 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.0.0 <=6.5.1)
org.springframework.security:spring-security-oauth2-jose MAVEN version =6.0.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.10.0, =1.10.0, =1.10.0, =1.0.0, =1.55.1, =1.55.1, =3.1.0, =3.1.0, =8.4.0, =1.0.0, =17.16.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory:...