Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a single session.
github.com/spring-projects/spring-security-oauth/commit/2b58aafecac336e82f20ea43da9b208b0a4a40dd
github.com/spring-projects/spring-security-oauth/commit/3379a36e64c13e4118c7e179f3a874a64de5f5a2
github.com/spring-projects/spring-security-oauth/commit/e96d2c738757146234c7e8a1962a7a755776b512
github.com/spring-projects/spring-security-oauth/issues/142
spring.io/blog/2022/04/21/cve-report-published-for-spring-security-oauth
tanzu.vmware.com/security/cve-2022-22969
www.oracle.com/security-alerts/cpujul2022.html