Candidate: CVE-2021-22119
PublicDate: 2021-06-29 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22119
 https://tanzu.vmware.com/security/cve-2021-22119
Description:
 Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x
 prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a
 Denial-of-Service (DoS) attack via the initiation of the Authorization
 Request in an OAuth 2.0 Client Web and WebFlux application. A malicious
 user or attacker can send multiple requests initiating the Authorization
 Request for the Authorization Code Grant, which has the potential of
 exhausting system resources using a single session or multiple sessions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Craig Andrews
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libspring-security-2.0-java:
upstream_libspring-security-2.0-java: released (5.5.1)
trusty_libspring-security-2.0-java: ignored (out of standard support)
trusty/esm_libspring-security-2.0-java: DNE
xenial_libspring-security-2.0-java: ignored (out of standard support)
bionic_libspring-security-2.0-java: DNE
focal_libspring-security-2.0-java: DNE
groovy_libspring-security-2.0-java: DNE
hirsute_libspring-security-2.0-java: DNE
impish_libspring-security-2.0-java: DNE
jammy_libspring-security-2.0-java: DNE
devel_libspring-security-2.0-java: DNE