VDB

CVE-2018-1260

CVE-2018-1260 PUBLISHED CVSS 9.800000190734863 CRITICAL

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

EPSS 52.28% · 98.0th percentile

Risk Scores

CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
52.28%
98.0th percentile

Affected Products

VendorProductVersions
pivotal_softwarespring_security_oauth0, 2.2, 2.3
PivotalSpring Security OAuth2.3 prior to 2.3.3; 2.2 prior to 2.2.2; 2.1 prior to 2.1.2; 2.0 prior to 2.0.15
Mavenorg.springframework.security.oauth:spring-security-oauth22.3.0, 1.0.0, 2.0.0

Exploit Intelligence

Timeline

  • May 11, 2018 CVE Published
  • Mar 13, 2019 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • May 5, 2023 EPSS Score
  • May 13, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›