CVE-2016-4977

2017-05-25 17:00:00
dell
www.cve.org

AI Score: 9 High (Confidence: High)

EPSS: 0.046 Low (Percentile: 92.6%)

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring SpEL expression, which enabled a malicious user to trigger remote code execution by crafting the value of response_type.

CNA Affected

[
  {
    "product": "Spring Security OAuth",
    "vendor": "Pivotal",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.0 to 2.0.9"
      },
      {
        "status": "affected",
        "version": "1.0.0 to 1.0.5"
      }
    ]
  }
]
