org.springframework.security:spring-security-oauth2-jose@5.1.1.RELEASE vulnerabilities
latest version
6.4.2
latest non vulnerable version
first published
7 years ago
latest version published
9 days ago
licenses detected
- [5.0.0.RELEASE,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.springframework.security:spring-security-oauth2-jose package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.springframework.security:spring-security-oauth2-jose provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Authorization Bypass via the JWT issuer validator. An attacker could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issue. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. How to fix Authorization Bypass? Upgrade org.springframework.security:spring-security-oauth2-jose to version 5.1.2.RELEASE or higher. | [5.1.0,5.1.2.RELEASE) |