Veracode Vulnerability DatabaseVERACODE:36352Denial Of Service (DoS)
0.006 Low
EPSS
Percentile
77.6%
org.springframework.security:spring-security-oauth2-client is vulnerable to denial of service (DoS) attacks. An attacker is able to cause resource exhaustion via sending multiple requests initiating the authorization request for the authorization code grant using a single session or multiple sessions, resulting in denial of service conditions.
References
github.com/advisories/GHSA-w9jg-gvgr-354m
github.com/spring-projects/spring-security/commit/67a18f564a2e17540bafb3feb6744a47055438b5
github.com/spring-projects/spring-security/commit/700bda68b7b4507899221fe6774926ce0e8d9f21
github.com/spring-projects/spring-security/commit/a10886852993a4aafb5ad64a2a8d5fdfed88d707
github.com/spring-projects/spring-security/commit/ee9c8e2fd0f0345b5f130663138a396b98cd9418
github.com/spring-projects/spring-security/issues/9912
github.com/spring-projects/spring-security/pull/9649
github.com/spring-projects/spring-security/pull/9857
lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
tanzu.vmware.com/security/cve-2021-22119
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
