cve/2018/CVE-2018-1260.md

### [CVE-2018-1260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1260)
![](https://img.shields.io/static/v1?label=Product&message=Spring%20Security%20OAuth&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)

### Description

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Cryin/Paper
- https://github.com/Drun1baby/CVE-Reproduction-And-Analysis
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ax1sX/SpringSecurity
- https://github.com/gyyyy/footprint
- https://github.com/langu-xyz/JavaVulnMap