Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.10 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ykkv-ahjn-d7eb
Aliases: CVE-2021-22119 GHSA-w9jg-gvgr-354m |
Incorrect Authorization Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:57:33.476480+00:00 | GHSA Importer | Affected by | VCID-ykkv-ahjn-d7eb | https://github.com/advisories/GHSA-w9jg-gvgr-354m | 38.1.0 |