Search for packages
| purl | pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.0.9 |
| Next non-vulnerable version | 2.0.10 |
| Latest non-vulnerable version | 2.5.2.RELEASE |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-rfwp-tv3x-zqak
Aliases: CVE-2016-4977 GHSA-7q9c-h23x-65fq |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:38:28.766007+00:00 | GitLab Importer | Affected by | VCID-rfwp-tv3x-zqak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth2/CVE-2016-4977.yml | 38.6.0 |