Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
Typemaven
Namespaceorg.springframework.security.oauth
Namespring-security-oauth2
Version1.0.5.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.10
Latest_non_vulnerable_version2.5.2.RELEASE
Affected_by_vulnerabilities
0
url VCID-pbvw-fs16-67bq
vulnerability_id VCID-pbvw-fs16-67bq
summary 
Improper Privilege Management
Spring Security OAuth are susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2413
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2413
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15758.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15758.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15758
reference_id
reference_type
scores
0
value 0.00326
scoring_system epss
scoring_elements 0.55867
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15758
3
reference_url https://github.com/advisories/GHSA-h8w4-qv99-f7vj
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8w4-qv99-f7vj
4
reference_url https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
5
reference_url https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
6
reference_url https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
7
reference_url https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
8
reference_url https://github.com/spring-projects/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
9
reference_url https://github.com/spring-projects/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
10
reference_url https://github.com/spring-projects/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
11
reference_url https://github.com/spring-projects/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
12
reference_url http://www.securityfocus.com/bid/105687
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105687
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1643048
reference_id 1643048
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1643048
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15758
reference_id CVE-2018-15758
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15758
15
reference_url https://pivotal.io/security/cve-2018-15758
reference_id CVE-2018-15758
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-15758
fixed_packages
0
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16
1
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.16.RELEASE
2
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3
3
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.3.RELEASE
4
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.3.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.3.RELEASE
5
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.4.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.4.RELEASE
aliases CVE-2018-15758, GHSA-h8w4-qv99-f7vj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbvw-fs16-67bq
1
url VCID-uxa4-6eep-8kh6
vulnerability_id VCID-uxa4-6eep-8kh6
summary 
Code Injection
Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1809
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1809
1
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1260.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1260.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1260
reference_id
reference_type
scores
0
value 0.52285
scoring_system epss
scoring_elements 0.97976
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1260
4
reference_url https://github.com/advisories/GHSA-rrpm-pj7p-7j9q
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrpm-pj7p-7j9q
5
reference_url https://github.com/spring-attic/spring-security-oauth
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth
6
reference_url https://github.com/spring-projects/spring-security-oauth/commit/1c6815ac1b26fb2f079adbe283c43a7fd0885f3
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/1c6815ac1b26fb2f079adbe283c43a7fd0885f3
7
reference_url https://github.com/spring-projects/spring-security-oauth/commit/6b1791179c1092553aa0690da22dac4dff2fc58
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/6b1791179c1092553aa0690da22dac4dff2fc58
8
reference_url https://github.com/spring-projects/spring-security-oauth/commit/8e9792c1963f1aeea81ca618785eb8d71d1cd1d
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/8e9792c1963f1aeea81ca618785eb8d71d1cd1d
9
reference_url https://github.com/spring-projects/spring-security-oauth/commit/adb1e6d19c681f394c9513799b81b527b0cb007
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/adb1e6d19c681f394c9513799b81b527b0cb007
10
reference_url https://web.archive.org/web/20200227123539/http://www.securityfocus.com/bid/104158
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227123539/http://www.securityfocus.com/bid/104158
11
reference_url http://www.securityfocus.com/bid/104158
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104158
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1584376
reference_id 1584376
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1584376
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1260
reference_id CVE-2018-1260
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1260
14
reference_url https://pivotal.io/security/cve-2018-1260
reference_id CVE-2018-1260
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1260
fixed_packages
0
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
1
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
2
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
3
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
4
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
5
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
6
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
7
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
aliases CVE-2018-1260, GHSA-rrpm-pj7p-7j9q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxa4-6eep-8kh6
Fixing_vulnerabilities
0
url VCID-uxa4-6eep-8kh6
vulnerability_id VCID-uxa4-6eep-8kh6
summary 
Code Injection
Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1809
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1809
1
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1260.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1260.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1260
reference_id
reference_type
scores
0
value 0.52285
scoring_system epss
scoring_elements 0.97976
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1260
4
reference_url https://github.com/advisories/GHSA-rrpm-pj7p-7j9q
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrpm-pj7p-7j9q
5
reference_url https://github.com/spring-attic/spring-security-oauth
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-attic/spring-security-oauth
6
reference_url https://github.com/spring-projects/spring-security-oauth/commit/1c6815ac1b26fb2f079adbe283c43a7fd0885f3
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/1c6815ac1b26fb2f079adbe283c43a7fd0885f3
7
reference_url https://github.com/spring-projects/spring-security-oauth/commit/6b1791179c1092553aa0690da22dac4dff2fc58
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/6b1791179c1092553aa0690da22dac4dff2fc58
8
reference_url https://github.com/spring-projects/spring-security-oauth/commit/8e9792c1963f1aeea81ca618785eb8d71d1cd1d
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/8e9792c1963f1aeea81ca618785eb8d71d1cd1d
9
reference_url https://github.com/spring-projects/spring-security-oauth/commit/adb1e6d19c681f394c9513799b81b527b0cb007
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security-oauth/commit/adb1e6d19c681f394c9513799b81b527b0cb007
10
reference_url https://web.archive.org/web/20200227123539/http://www.securityfocus.com/bid/104158
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227123539/http://www.securityfocus.com/bid/104158
11
reference_url http://www.securityfocus.com/bid/104158
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104158
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1584376
reference_id 1584376
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1584376
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1260
reference_id CVE-2018-1260
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1260
14
reference_url https://pivotal.io/security/cve-2018-1260
reference_id CVE-2018-1260
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1260
fixed_packages
0
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pbvw-fs16-67bq
1
vulnerability VCID-uxa4-6eep-8kh6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
1
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15
2
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.15.RELEASE
3
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2
4
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.1.2.RELEASE
5
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2
6
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.2.RELEASE
7
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3
8
url pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ndm-y1m9-3feg
1
vulnerability VCID-pbvw-fs16-67bq
2
vulnerability VCID-rqmm-31xc-eqfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.3.3.RELEASE
aliases CVE-2018-1260, GHSA-rrpm-pj7p-7j9q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxa4-6eep-8kh6
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE