About vulnerability
Description
Spring Security Authorization Server’s authorization endpoint performs insufficient validation of the request_uri parameter (the reference to a pushed authorization request, RFC 9126, supported since Spring Authorization Server 1.5.0).
An attacker can craft an authorization request that carries an invalid request_uri together with an arbitrary redirect_uri. Because the redirect_uri is not matched against the client’s registered redirect URIs before the endpoint responds by redirect, the user agent can be sent to an attacker-chosen location (an Open Redirect). RFC 6749 section 4.1.2.1 requires that an authorization server not redirect the user agent at all when the redirect_uri is missing, invalid, or mismatched, and instead inform the resource owner of the error directly.
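The following model of an authorization endpoint’s error handling is an added illustration, not Spring Authorization Server code. It contrasts the unsafe behaviour the advisory describes (reporting an unknown request_uri by redirecting to whatever redirect_uri the query string carries) with the RFC 6749 section 4.1.2.1 rule (validate redirect_uri against the client registration first; render the error locally when it does not match). The client registration, the PAR store contents, the client_id and all URIs are constructed for the example.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed client registration; the client_id and redirect URI are hypothetical.
REGISTERED_CLIENTS = {
    "messaging-client": {"redirect_uris": {"https://client.example.com/callback"}},
}

# Constructed PAR store mapping a request_uri to the parameters the client pushed earlier.
PAR_STORE = {
    "urn:ietf:params:oauth:request_uri:example-pushed-request": {
        "client_id": "messaging-client",
        "response_type": "code",
        "redirect_uri": "https://client.example.com/callback",
        "scope": "openid",
    },
}

SUPPORTED_RESPONSE_TYPES = {"code"}


def _single_valued(query):
    """Parse the query string, rejecting repeated parameters (RFC 6749 section 3.1)."""
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in params:
            raise ValueError(f"duplicate parameter: {key}")
        params[key] = value
    return params


def _error_redirect(redirect_uri, error, description):
    """Deliver the error to the client by redirect (RFC 6749 section 4.1.2.1 error response)."""
    sep = "&" if "?" in redirect_uri else "?"
    location = redirect_uri + sep + urlencode({"error": error, "error_description": description})
    return {"status": 302, "location": location}


def _error_page(error, description):
    """Render the error to the user agent; no redirect takes place."""
    return {"status": 400, "body": f"{error}: {description}"}


def authorize_vulnerable(query):
    """Unsafe handling: an unknown request_uri is reported by redirecting to whatever
    redirect_uri the query string carries, before it is matched against the client."""
    params = _single_valued(query)
    request_uri = params.get("request_uri")
    if request_uri is not None and request_uri not in PAR_STORE:
        # The redirect target is attacker-controlled here: this is the open redirect.
        return _error_redirect(params.get("redirect_uri", ""), "invalid_request", "invalid request_uri")
    return {"status": 200, "body": "authorization request accepted"}


def authorize_fixed(query):
    """Safe handling: an error is delivered by redirect only to a redirect_uri that matched
    the client's registration; every other error is rendered locally."""
    params = _single_valued(query)
    client_id = params.get("client_id")
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return _error_page("invalid_request", "unknown client_id")

    request_uri = params.get("request_uri")
    if request_uri is not None:
        pushed = PAR_STORE.get(request_uri)
        if pushed is None or pushed["client_id"] != client_id:
            # The only redirect_uri that could be trusted lives in the pushed request, and there
            # is none to look up, so the error is rendered locally instead of sent to the query's URI.
            return _error_page("invalid_request", "unknown or expired request_uri")
        effective = pushed  # pushed parameters are authoritative; query-string extras are ignored
    else:
        effective = params

    redirect_uri = effective.get("redirect_uri")
    if redirect_uri not in client["redirect_uris"]:
        return _error_page("invalid_request", "redirect_uri does not match the client registration")

    # From here on the redirect target is trusted, so errors may be delivered by redirect.
    if effective.get("response_type") not in SUPPORTED_RESPONSE_TYPES:
        return _error_redirect(redirect_uri, "unsupported_response_type", "response_type not supported")
    return {"status": 200, "body": "authorization request accepted", "client_id": client_id}


# Constructed request of the shape the advisory describes: a request_uri that does not
# exist in the PAR store, plus an arbitrary redirect_uri.
CRAFTED_QUERY = urlencode({
    "client_id": "messaging-client",
    "request_uri": "urn:ietf:params:oauth:request_uri:does-not-exist",
    "redirect_uri": "https://attacker.example/landing",
})

if __name__ == "__main__":
    print(authorize_vulnerable(CRAFTED_QUERY))  # 302 to https://attacker.example/landing?error=...
    print(authorize_fixed(CRAFTED_QUERY))       # 400, rendered locally, no Location header
```

The design point is the ordering: the redirect_uri must be established as trusted (matched against the registration, or taken from a pushed request that was looked up successfully) before any response that redirects, including error responses, is produced.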
Affected Spring Products and Versions
Spring Security:
- 7.0.0 - 7.0.5
Spring Authorization Server:
- 1.5.0 - 1.5.7
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 7.0.x | 7.0.6 | OSS |
| 1.5.x | 1.5.8 | OSS |
Credit
The issue was identified and responsibly reported by Jon Kjennbakken of Vipps MobilePay.