PT-2021-3475 · Spring · Spring Security

Published: 2021-06-29 · Updated: 2022-07-25 · CVE-2021-22119

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Spring Security versions 5.2.x prior to 5.2.11
Spring Security versions 5.3.x prior to 5.3.10
Spring Security versions 5.4.x prior to 5.4.7
Spring Security versions 5.5.x prior to 5.5.1
Description

The issue is an uncontrolled resource consumption in the Spring Security framework. A remote attacker can cause a denial of service (DoS) by sending requests that initiate an authorization request for the authorization code grant in an OAuth 2.0 Client Web or WebFlux application; system resources can be exhausted using a single session or multiple sessions.
Recommendations

For Spring Security version 5.2.x prior to 5.2.11, update to version 5.2.11 or later.
For Spring Security version 5.3.x prior to 5.3.10, update to version 5.3.10 or later.
For Spring Security version 5.4.x prior to 5.4.7, update to version 5.4.7 or later.
For Spring Security version 5.5.x prior to 5.5.1, update to version 5.5.1 or later.
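As an added check that is not part of the advisory, the script below encodes the affected ranges listed above and flags Spring Security artifacts in Maven `dependency:tree` output that still fall inside them; the sample tree lines are constructed, and the treatment of milestone, RC and snapshot suffixes as preceding the final release is an assumption of this script.

```python
import re
from typing import List, Optional, Tuple

# Affected branches from the advisory, mapped to the first fixed version.
# The trailing 0 is a "final release" rank used for pre-release ordering.
FIXED_IN = {
    (5, 2): (5, 2, 11, 0),
    (5, 3): (5, 3, 10, 0),
    (5, 4): (5, 4, 7, 0),
    (5, 5): (5, 5, 1, 0),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](.*))?$")

def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse MAJOR.MINOR.PATCH with an optional suffix (e.g. '.RELEASE', '-RC1').

    Assumption: any suffix other than RELEASE (milestones, RCs, snapshots)
    precedes the final release of the same number and gets rank -1.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    rank = -1 if suffix and suffix.upper() != "RELEASE" else 0
    return (int(major), int(minor), int(patch), rank)

def is_affected(version: str) -> bool:
    """True when the version is inside one of the advisory's vulnerable ranges."""
    v = parse_version(version)
    if v is None:
        return False
    fixed = FIXED_IN.get(v[:2])
    return fixed is not None and v < fixed  # branches not listed are not flagged

# Matches Maven dependency:tree lines such as
# "[INFO] +- org.springframework.security:spring-security-web:jar:5.4.6:compile"
DEP_RE = re.compile(r"org\.springframework\.security:(spring-security-[\w-]+):jar:([^:\s]+)")

def find_vulnerable(tree_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (artifact, version) pairs whose version is in an affected range."""
    return [(m.group(1), m.group(2))
            for m in map(DEP_RE.search, tree_lines)
            if m and is_affected(m.group(2))]

# Constructed sample output; not taken from a real build.
SAMPLE_TREE = [
    "[INFO] +- org.springframework.security:spring-security-web:jar:5.4.6:compile",
    "[INFO] |  \\- org.springframework.security:spring-security-core:jar:5.4.6:compile",
    "[INFO] +- org.springframework.security:spring-security-oauth2-client:jar:5.5.1:compile",
    "[INFO] +- org.springframework.security:spring-security-config:jar:5.2.11.RELEASE:compile",
]

if __name__ == "__main__":
    for artifact, version in find_vulnerable(SAMPLE_TREE):
        print(f"{artifact} {version}: affected by CVE-2021-22119, update per the table above")
```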

Fix

Weakness Enumeration

Incorrect Authorization
Resource Exhaustion

Related Identifiers

BDU:2021-03390
CVE-2021-22119
GHSA-W9JG-GVGR-354M

Affected Products

Spring Security