JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Discription

Spring Security OAuth (spring-security-oauth2) provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption ([CWE-400]()).
Note that Spring Security OAuth (spring-security-oauth2) is no longer supported, therefore [Spring Security]() has been developed as the alternative, and the similar vulnerability known as [CVE-2021-22119]() was identified but has been addressed.

## Impact

A website that provides OAuth client functionality using Spring Security OAuth (spring-security-oauth2) may fall into a denial-of-service condition.

## Solution

**Update the software**
Update the software to the latest version according to the information provided by the developer.

## Products Affected

* Spring Security OAuth (spring-security-oauth2) 2.5.1 and earlierRead More

Back to Main

Subscribe for the latest news: