Spring Security OAuth (spring-security-oauth2) provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption ([CWE-400]()).
Note that Spring Security OAuth (spring-security-oauth2) is no longer supported, therefore [Spring Security]() has been developed as the alternative, and the similar vulnerability known as [CVE-2021-22119]() was identified but has been addressed.
## Impact
A website that provides OAuth client functionality using Spring Security OAuth (spring-security-oauth2) may fall into a denial-of-service condition.
## Solution
**Update the software**
Update the software to the latest version according to the information provided by the developer.
## Products Affected
* Spring Security OAuth (spring-security-oauth2) 2.5.1 and earlierRead More