Update spring-security-oauth

Steps to reproduce

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5,
2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older
unsupported versions, could be susceptible to an open redirector attack
that can leak an authorization code. A malicious user or attacker can
craft a request to the authorization endpoint using the authorization
code grant type, and specify a manipulated redirection URI via the
redirect_uri parameter. This can cause the authorization server to
redirect the resource owner user-agent to a URI under the control of the
attacker with the leaked authorization code.
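To check whether a build still pulls in an affected release, the version ranges above can be applied to a Maven dependency listing. The script below is an added example, not part of the original issue or of the project's code; it assumes the `groupId:artifactId:type:version:scope` line format printed by `mvn dependency:list`, the artifact `org.springframework.security.oauth:spring-security-oauth2`, and a constructed sample listing.

```python
import re

# Fixed patch release per affected 2.x line, taken from the issue text above.
FIXED = {(2, 3): 6, (2, 2): 5, (2, 1): 5, (2, 0): 18}

# groupId:artifactId:type:version:scope, as printed by `mvn dependency:list`.
# Coordinates that carry a classifier are not handled (assumption of this example).
COORD = re.compile(
    r"org\.springframework\.security\.oauth:spring-security-oauth2:"
    r"[\w-]+:([\w.-]+):\w+"
)


def is_affected(version):
    """Return True if the version falls in a range the issue lists as affected."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group().split(".")]
    parts += [0] * (3 - len(parts))  # "2.3" is treated as 2.3.0
    major, minor, patch = parts[:3]
    if major < 2:
        return True  # "older unsupported versions"
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    return False  # assumption: release lines not named in the issue are not flagged


def scan(dependency_listing):
    """Return (version, affected) for each spring-security-oauth2 line found."""
    findings = []
    for line in dependency_listing.splitlines():
        m = COORD.search(line)
        if m:
            findings.append((m.group(1), is_affected(m.group(1))))
    return findings


# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO]    org.springframework.security.oauth:spring-security-oauth2:jar:2.3.5.RELEASE:compile
[INFO]    org.springframework.security:spring-security-core:jar:5.1.5.RELEASE:compile
[INFO]    org.springframework.security.oauth:spring-security-oauth2:jar:2.0.18.RELEASE:compile
"""

if __name__ == "__main__":
    for version, affected in scan(SAMPLE):
        print(version, "AFFECTED" if affected else "ok")
```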

Status

Assignee

Lars Kiesow

Reporter

Lars Kiesow

Severity

Security

Tags (folksonomy)

None

Components

Affects versions

6.5

Priority

Major