Search for packages
| purl | pkg:maven/org.springframework.security.oauth/spring-security-oauth2@2.2.RELEASE |
| Tags | Ghost |
| Next non-vulnerable version | 2.2.5.RELEASE |
| Latest non-vulnerable version | 2.5.2.RELEASE |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-uxa4-6eep-8kh6
Aliases: CVE-2018-1260 GHSA-rrpm-pj7p-7j9q |
Code Injection Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. |
Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:37:41.642309+00:00 | GitLab Importer | Affected by | VCID-uxa4-6eep-8kh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth2/CVE-2018-1260.yml | 38.6.0 |