Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.1.1.RELEASE |
| Next non-vulnerable version | 5.1.2.RELEASE |
| Latest non-vulnerable version | 5.1.2.RELEASE |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zdpx-scsg-uyfw
Aliases: CVE-2018-15801 GHSA-27xw-p8v6-9jjr |
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T20:50:42.241745+00:00 | GitLab Importer | Affected by | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.4.0 |
| 2026-04-11T22:01:21.721562+00:00 | GitLab Importer | Affected by | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.3.0 |
| 2026-04-02T22:14:24.373817+00:00 | GitLab Importer | Affected by | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.1.0 |
| 2026-04-01T16:31:53.977746+00:00 | GitLab Importer | Affected by | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.0.0 |