Package details: pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
purl pkg:maven/org.springframework.security.oauth/spring-security-oauth2@1.0.5.RELEASE
Next non-vulnerable version 2.0.10
Latest non-vulnerable version 2.5.2.RELEASE
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-pbvw-fs16-67bq
Aliases:
CVE-2018-15758
GHSA-h8w4-qv99-f7vj
Improper Privilege Management: Spring Security OAuth is susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval.
2.0.16
Affected by 0 other vulnerabilities.
2.0.16.RELEASE
Affected by 2 other vulnerabilities.
2.1.3
Affected by 0 other vulnerabilities.
2.1.3.RELEASE
Affected by 2 other vulnerabilities.
2.2.3.RELEASE
Affected by 2 other vulnerabilities.
2.3.4.RELEASE
Affected by 2 other vulnerabilities.
VCID-uxa4-6eep-8kh6
Aliases:
CVE-2018-1260
GHSA-rrpm-pj7p-7j9q
Code Injection: Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
2.0.15
Affected by 0 other vulnerabilities.
2.0.15.RELEASE
Affected by 3 other vulnerabilities.
2.1.2
Affected by 0 other vulnerabilities.
2.1.2.RELEASE
Affected by 3 other vulnerabilities.
2.2.2
Affected by 0 other vulnerabilities.
2.2.2.RELEASE
Affected by 3 other vulnerabilities.
2.3.3
Affected by 0 other vulnerabilities.
2.3.3.RELEASE
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-uxa4-6eep-8kh6
Code Injection: Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Aliases:
CVE-2018-1260
GHSA-rrpm-pj7p-7j9q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:12:08.082248+00:00 GitLab Importer Affected by VCID-uxa4-6eep-8kh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth2/CVE-2018-1260.yml 38.6.0
2026-06-04T18:23:44.035840+00:00 GHSA Importer Fixing VCID-uxa4-6eep-8kh6 https://github.com/advisories/GHSA-rrpm-pj7p-7j9q 38.6.0
2026-06-02T04:38:28.858398+00:00 GitLab Importer Affected by VCID-pbvw-fs16-67bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth2/CVE-2018-15758.yml 38.6.0