Denial Of Service (DoS)

2022-04-2201:30:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

34.7%

JSON

Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a single session.

CPENameOperatorVersion
oauth2 for spring securityle2.4.2.RELEASE
oauth2 for spring securityle2.2.6.RELEASE
oauth2 for spring securityle2.3.8.RELEASE
oauth2 for spring securityle2.0.19.RELEASE
oauth2 for spring securityle2.5.1.RELEASE
oauth2 for spring securityle1.1.0.M1
oauth2 for spring securityle2.1.6.RELEASE
oauth2 for spring securityle2.4.2.RELEASE
oauth2 for spring securityle2.2.6.RELEASE
oauth2 for spring securityle2.3.8.RELEASE

Name	Operator	Version
oauth2 for spring security	le	2.4.2.RELEASE
oauth2 for spring security	le	2.2.6.RELEASE
oauth2 for spring security	le	2.3.8.RELEASE
oauth2 for spring security	le	2.0.19.RELEASE
oauth2 for spring security	le	2.5.1.RELEASE
oauth2 for spring security	le	1.1.0.M1
oauth2 for spring security	le	2.1.6.RELEASE
oauth2 for spring security	le	2.4.2.RELEASE
oauth2 for spring security	le	2.2.6.RELEASE
oauth2 for spring security	le	2.3.8.RELEASE