Vulnerability in Pivotal Spring Security Oauth
CVE-2018-1260
Spring Security OAuth versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15, and older unsupported versions contain a remote code execution vulnerability. A malicious user or attacker can craft an author…
EPSS: 0.523 (98.0th percentile)
Affected products
- Pivotal Spring Security Oauth — versions 2.3 prior to 2.3.3; 2.2 prior to 2.2.2; 2.1 prior to 2.1.2; 2.0 prior to 2.0.15
References
- RHSA-2018:1809 (x_refsource_REDHAT, vendor-advisory)
- pivotal.io/security/cve-2018-1260 (x_refsource_CONFIRM)
- RHSA-2018:2939 (x_refsource_REDHAT, vendor-advisory)
- 104158 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2018-1260?
  CVE-2018-1260 is a vulnerability in Pivotal Spring Security Oauth. Published 2018-05-11.
- Is CVE-2018-1260 known to be exploited?
  13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.