VulnerableCode Package Details - pkg:maven/org.springframework.security.oauth/spring-security-oauth@2.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1ndm-y1m9-3feg Aliases: CVE-2019-3778 GHSA-77rv-6vfw-x4gc	URL Redirection to Untrusted Site Spring Security OAuth could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the `redirect_uri` parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. `@EnableAuthorizationServer`) and uses the `DefaultRedirectResolver` in the `AuthorizationEndpoint`. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different `RedirectResolver` implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. `@EnableResourceServer`), act in the role of a Client only (e.g. `@EnableOAuthClient`).	2.1.4 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities. 2.3.5 Affected by 0 other vulnerabilities.
VCID-rqmm-31xc-eqfp Aliases: CVE-2019-11269 GHSA-mmf6-6597-3v6m	URL Redirection to Untrusted Site (Open Redirect) Spring Security OAuth could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the `redirect_uri` parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.	2.1.5 Affected by 0 other vulnerabilities. 2.2.5 Affected by 0 other vulnerabilities. 2.3.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1ndm-y1m9-3feg
Aliases:
CVE-2019-3778
GHSA-77rv-6vfw-x4gc

URL Redirection to Untrusted Site Spring Security OAuth could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the `redirect_uri` parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. `@EnableAuthorizationServer`) and uses the `DefaultRedirectResolver` in the `AuthorizationEndpoint`. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different `RedirectResolver` implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. `@EnableResourceServer`), act in the role of a Client only (e.g. `@EnableOAuthClient`).

2.1.4
Affected by 0 other vulnerabilities.

2.2.4
Affected by 0 other vulnerabilities.

2.3.5
Affected by 0 other vulnerabilities.

VCID-rqmm-31xc-eqfp
Aliases:
CVE-2019-11269
GHSA-mmf6-6597-3v6m

URL Redirection to Untrusted Site (Open Redirect) Spring Security OAuth could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the `redirect_uri` parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.

2.1.5
Affected by 0 other vulnerabilities.

2.2.5
Affected by 0 other vulnerabilities.

2.3.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:39:21.611035+00:00	GitLab Importer	Affected by	VCID-rqmm-31xc-eqfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth/CVE-2019-11269.yml	38.6.0
2026-06-02T04:38:59.903717+00:00	GitLab Importer	Affected by	VCID-1ndm-y1m9-3feg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth/CVE-2019-3778.yml	38.6.0

2026-06-02T04:39:21.611035+00:00

GitLab Importer

Affected by

VCID-rqmm-31xc-eqfp

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth/CVE-2019-11269.yml

38.6.0

2026-06-02T04:38:59.903717+00:00

GitLab Importer

Affected by

VCID-1ndm-y1m9-3feg

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security.oauth/spring-security-oauth/CVE-2019-3778.yml

38.6.0

Next non-vulnerable version	2.1.4
Latest non-vulnerable version	2.5.2
Risk