The Artima Developer Community

Java Buzz Forum
Serious bug in widely used Java app library patched

News Manager


News Manager is the force behind the news at Artima.com.
Serious bug in widely used Java app library patched Posted: Nov 17, 2015 2:31 PM

This post originated from an RSS feed registered with Java Buzz by News Manager.
Original Post: Serious bug in widely used Java app library patched
Feed Title: JavaWorld
Feed URL: http://www.javaworld.com/index.rss
Feed Description: JavaWorld.com: Fueling Innovation

A serious cross-site request forgery vulnerability in a widely used Java application library was patched last week. Developers who use the Java Spring Social core library in their projects are strongly urged to update as soon as possible.

Attackers are able to take over a user's account by exploiting a CSRF-style flaw against the Spring Social authentication feature, according to the technical analysis posted on SourceClear's site. The Java Spring Social core library provides Java bindings to service provider APIs from sites such as GitHub, Facebook, LinkedIn, and Twitter. The library lets developers add a social login feature ("Login with GitHub," for example) to their applications and handles the connections with OAuth2 providers. Attackers who successfully exploit the flaw can use victims' social credentials to log in to their accounts on the vulnerable site.
