Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.1.2.RELEASE |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-zdpx-scsg-uyfw | Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. |
CVE-2018-15801
GHSA-27xw-p8v6-9jjr |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T20:50:42.245024+00:00 | GitLab Importer | Fixing | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.4.0 |
| 2026-04-11T22:01:21.725367+00:00 | GitLab Importer | Fixing | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.3.0 |
| 2026-04-02T22:14:24.377167+00:00 | GitLab Importer | Fixing | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.1.0 |
| 2026-04-01T12:48:11.833953+00:00 | GitLab Importer | Fixing | VCID-zdpx-scsg-uyfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-oauth2-jose/CVE-2018-15801.yml | 38.0.0 |