Spring · Spring Security Oauth · CVE-2016-4977
**Name of the Vulnerable Software and Affected Versions**
Spring Security OAuth versions 1.0.0 through 1.0.5
Spring Security OAuth versions 2.0.0 through 2.0.9
**Description**
This issue allows a malicious user to trigger remote code execution by crafting the value of the `response_type` parameter: when an authorization request is processed using the whitelabel views, that value is evaluated as a Spring Expression Language (SpEL) expression.
**Recommendations**
For versions 1.0.0 through 1.0.5, update to a version that fixes this issue.
For versions 2.0.0 through 2.0.9, update to a version that fixes this issue.
As a temporary workaround until a patch is available, consider restricting the values accepted for the `response_type` parameter at the affected authorization endpoint.
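One way to apply that workaround at the servlet layer, as an added example that is not the project's own code: a filter that rejects authorization requests whose `response_type` is not a supported value, so untrusted input never reaches the whitelabel views. It assumes the default `/oauth/authorize` endpoint path and that only the standard `code` and `token` response types are in use; `ResponseTypeAllowlistFilter` is a hypothetical name.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical workaround filter (added example, not Spring Security OAuth code).
// It rejects authorization requests whose response_type is not a supported value,
// so an attacker-controlled string never reaches the whitelabel views.
public class ResponseTypeAllowlistFilter implements Filter {
    // RFC 6749 defines "code" and "token"; add only response types this server
    // has deliberately registered (assumption: no custom types are in use).
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("code", "token")));

    // Default authorization endpoint path in Spring Security OAuth.
    private static final String AUTHORIZE_PATH = "/oauth/authorize";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String target = request.getContextPath() + AUTHORIZE_PATH;
        if (target.equals(request.getRequestURI())) {
            String[] values = request.getParameterValues("response_type");
            if (values != null && !allAllowed(values)) {
                // Fail closed with a plain 400 and never echo the submitted value.
                ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_BAD_REQUEST, "unsupported response_type");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    // response_type may be a space-separated list (e.g. "code token"); every item
    // of every submitted copy of the parameter must be on the allowlist.
    static boolean allAllowed(String[] values) {
        for (String value : values) {
            for (String item : value.trim().split("\\s+")) {
                if (!ALLOWED.contains(item)) {
                    return false;
                }
            }
        }
        return true;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

Register the filter ahead of the Spring Security filter chain so it sees the raw request; it does not replace upgrading to a fixed release.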