Invia #835622: https://github.com/jeecgboot/JeecgBoot JeecgBoot v3.9.2 Open Redirectinformazioni

Titolohttps://github.com/jeecgboot/JeecgBoot JeecgBoot v3.9.2 Open Redirect
DescrizioneJeecgBoot v3.9.2 contains an Open Redirect vulnerability in the OAuth2 login flow. The state parameter in /sys/thirdLogin/oauth2/{source}/login and /sys/thirdLogin/oauth2/{source}/callback is user-controlled and passed directly to HttpServletResponse.sendRedirect() without validation. An attacker can exploit this to redirect users to arbitrary URLs. In the OAuth2 callback flow, the victim's JWT token is appended to the redirect URL, which may lead to token leakage and account takeover.
Fonte⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9639
Utente
 mukyuuhate (UID 93052)
Sottomissione22/05/2026 08:30 (2 mesi fa)
Moderazione07/06/2026 15:48 (16 days later)
StatoAccettato
Voce VulDB369122 [JeecgBoot fino a 3.9.2 Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect state]
Punti20

Want to know what is going to be exploited?

We predict KEV entries!