[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-31690":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":27,"related":28,"reserved_at":9,"published_at":29,"modified_at":30,"state":31,"summary":32,"references_raw":41,"kevs":69,"epss":70,"epss_history":73,"metrics":343,"affected":353},"CVE-2022-31690","Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[20],"GHSA-32vj-v39g-jh23",[],[23,25],{"_key":24},"RHSA-2023:1655",{"_key":26},"UBUNTU-CVE-2022-31690",[],[],"2022-10-31T00:00:00.000Z","2025-05-08T18:47:35.924Z","Modified",{"cisa_kev":33,"cisa_ransomware":33,"cisa_vendor":9,"epss_severity":34,"epss_score":35,"severity":36,"severity_score":37,"severity_version":38,"severity_source":39,"severity_vector":40,"severity_status":31},false,"low",0.00313,"high",8.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[42,51,56,61,65],{"url":43,"sources":44,"tags":47},"https://tanzu.vmware.com/security/cve-2022-31690",[39,45,46],"nvd","osv_maven",[48,49,50],"Mitigation","Vendor Advisory","WEB",{"url":52,"sources":53,"tags":54},"https://security.netapp.com/advisory/ntap-20221215-0010/",[39,45],[55],"Third Party Advisory",{"url":57,"sources":58,"tags":59},"https://nvd.nist.gov/vuln/detail/CVE-2022-31690",[46],[60],"Advisory",{"url":62,"sources":63,"tags":64},"https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48",[46],[50],{"url":66,"sources":67,"tags":68},"https://security.netapp.com/advisory/ntap-20221215-0010",[46],[50],[],{"date":71,"score":35,"percentile":72},"2026-06-04",0.54746,[74,78,81,84,87,90,93,96,99,101,104,107,110,113,116,120,123,126,130,132,135,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,248,251,254,257,260,263,266,269,272,275,277,281,284,287,290,293,296,299,302,304,306,309,312,315,318,321,324,328,331,334,337,340],{"date":75,"score":76,"percentile":77},"2025-11-04",0.00207,0.43208,{"date":79,"score":76,"percentile":80},"2025-11-05",0.43203,{"date":82,"score":76,"percentile":83},"2025-11-06",0.43215,{"date":85,"score":76,"percentile":86},"2025-11-07",0.43242,{"date":88,"score":76,"percentile":89},"2025-11-08",0.43241,{"date":91,"score":76,"percentile":92},"2025-11-09",0.43219,{"date":94,"score":76,"percentile":95},"2025-11-10",0.43182,{"date":97,"score":76,"percentile":98},"2025-11-11",0.43201,{"date":100,"score":76,"percentile":89},"2025-11-12",{"date":102,"score":76,"percentile":103},"2025-11-13",0.43254,{"date":105,"score":76,"percentile":106},"2025-11-14",0.43266,{"date":108,"score":76,"percentile":109},"2025-11-15",0.4326,{"date":111,"score":76,"percentile":112},"2025-11-16",0.43245,{"date":114,"score":76,"percentile":115},"2025-11-17",0.43216,{"date":117,"score":118,"percentile":119},"2025-11-18",0.00645,0.68311,{"date":121,"score":118,"percentile":122},"2025-11-19",0.68318,{"date":124,"score":118,"percentile":125},"2025-11-20",0.68312,{"date":127,"score":128,"percentile":129},"2025-11-21",0.00241,0.47272,{"date":131,"score":128,"percentile":129},"2025-11-22",{"date":133,"score":128,"percentile":134},"2025-11-23",0.47245,{"date":136,"score":128,"percentile":137},"2025-11-24",0.47234,{"date":139,"score":128,"percentile":140},"2025-11-25",0.47242,{"date":142,"score":128,"percentile":143},"2025-11-26",0.47243,{"date":145,"score":128,"percentile":146},"2025-11-27",0.47248,{"date":148,"score":128,"percentile":149},"2025-11-28",0.47217,{"date":151,"score":128,"percentile":152},"2025-11-29",0.47199,{"date":154,"score":128,"percentile":155},"2025-11-30",0.47188,{"date":157,"score":128,"percentile":158},"2025-12-01",0.47336,{"date":160,"score":128,"percentile":161},"2025-12-02",0.47349,{"date":163,"score":128,"percentile":164},"2025-12-03",0.47343,{"date":166,"score":128,"percentile":167},"2025-12-04",0.47182,{"date":169,"score":128,"percentile":170},"2025-12-05",0.47203,{"date":172,"score":128,"percentile":173},"2025-12-06",0.47202,{"date":175,"score":128,"percentile":176},"2025-12-07",0.47187,{"date":178,"score":128,"percentile":179},"2025-12-08",0.47194,{"date":181,"score":128,"percentile":182},"2025-12-09",0.47224,{"date":184,"score":128,"percentile":185},"2025-12-10",0.47288,{"date":187,"score":128,"percentile":188},"2025-12-11",0.47311,{"date":190,"score":128,"percentile":191},"2025-12-12",0.47337,{"date":193,"score":128,"percentile":194},"2025-12-13",0.47319,{"date":196,"score":128,"percentile":197},"2025-12-14",0.47306,{"date":199,"score":128,"percentile":200},"2025-12-15",0.47289,{"date":202,"score":128,"percentile":203},"2025-12-16",0.47301,{"date":205,"score":128,"percentile":206},"2025-12-17",0.47326,{"date":208,"score":128,"percentile":209},"2025-12-18",0.47369,{"date":211,"score":128,"percentile":212},"2025-12-19",0.47375,{"date":214,"score":128,"percentile":215},"2025-12-20",0.47353,{"date":217,"score":128,"percentile":218},"2025-12-21",0.47328,{"date":220,"score":128,"percentile":221},"2025-12-22",0.47305,{"date":223,"score":128,"percentile":224},"2025-12-23",0.47303,{"date":226,"score":128,"percentile":227},"2025-12-24",0.47317,{"date":229,"score":128,"percentile":230},"2025-12-25",0.47363,{"date":232,"score":128,"percentile":233},"2025-12-26",0.47351,{"date":235,"score":128,"percentile":236},"2025-12-27",0.47379,{"date":238,"score":128,"percentile":239},"2025-12-28",0.47291,{"date":241,"score":128,"percentile":242},"2025-12-29",0.47269,{"date":244,"score":128,"percentile":245},"2025-12-30",0.47262,{"date":247,"score":128,"percentile":197},"2025-12-31",{"date":249,"score":128,"percentile":250},"2026-01-01",0.47464,{"date":252,"score":128,"percentile":253},"2026-01-02",0.47442,{"date":255,"score":128,"percentile":256},"2026-01-03",0.47427,{"date":258,"score":128,"percentile":259},"2026-01-04",0.47253,{"date":261,"score":128,"percentile":262},"2026-01-05",0.47236,{"date":264,"score":128,"percentile":265},"2026-01-06",0.47239,{"date":267,"score":128,"percentile":268},"2026-01-07",0.47257,{"date":270,"score":128,"percentile":271},"2026-01-08",0.47278,{"date":273,"score":128,"percentile":274},"2026-01-09",0.47249,{"date":276,"score":128,"percentile":140},"2026-01-10",{"date":278,"score":279,"percentile":280},"2026-01-11",0.00315,0.54164,{"date":282,"score":279,"percentile":283},"2026-01-12",0.54118,{"date":285,"score":279,"percentile":286},"2026-01-13",0.54097,{"date":288,"score":279,"percentile":289},"2026-01-14",0.54141,{"date":291,"score":279,"percentile":292},"2026-01-15",0.54143,{"date":294,"score":279,"percentile":295},"2026-01-16",0.54166,{"date":297,"score":279,"percentile":298},"2026-01-17",0.54156,{"date":300,"score":279,"percentile":301},"2026-01-18",0.5415,{"date":303,"score":279,"percentile":289},"2026-01-19",{"date":305,"score":279,"percentile":292},"2026-01-20",{"date":307,"score":279,"percentile":308},"2026-01-21",0.54149,{"date":310,"score":279,"percentile":311},"2026-01-22",0.54154,{"date":313,"score":279,"percentile":314},"2026-01-23",0.54197,{"date":316,"score":279,"percentile":317},"2026-01-24",0.54198,{"date":319,"score":279,"percentile":320},"2026-01-25",0.54158,{"date":322,"score":279,"percentile":323},"2026-01-26",0.54145,{"date":325,"score":326,"percentile":327},"2026-01-27",0.00318,0.54368,{"date":329,"score":326,"percentile":330},"2026-01-28",0.54383,{"date":332,"score":326,"percentile":333},"2026-01-29",0.54382,{"date":335,"score":326,"percentile":336},"2026-01-30",0.54388,{"date":338,"score":326,"percentile":339},"2026-01-31",0.54391,{"date":341,"score":326,"percentile":342},"2026-02-01",0.5453,[344,349,351],{"source":39,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":345,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":346,"vectorString":40,"impactScore":347,"exploitabilityScore":348},"HIGH",9.8,5.6,{"source":45,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":350,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":346,"vectorString":40,"impactScore":347,"exploitabilityScore":348},{"source":46,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":352,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":9,"vectorString":40,"impactScore":347,"exploitabilityScore":348},[354,372,381],{"ecosystem":355,"name":356,"vendor":357,"product":358,"cpe_part":9,"purl_type":359,"purl_namespace":357,"purl_name":358,"source":9,"versions":360},"Maven","org.springframework.security:spring-security-oauth2-client","org.springframework.security","spring-security-oauth2-client","maven",[361,369],{"version":362,"is_range":363,"range_type":364,"version_start":365,"version_start_type":366,"version_end":367,"version_end_type":368,"fixed_in":9},"gte5_7_0_lt5_7_5",true,"ecosystem","5.7.0","including","5.7.5","excluding",{"version":370,"is_range":363,"range_type":364,"version_start":9,"version_start_type":9,"version_end":371,"version_end_type":368,"fixed_in":9},"lt5_6_9","5.6.9",{"ecosystem":9,"name":373,"vendor":374,"product":375,"cpe_part":376,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":377},"active iq unified manager","netapp","active_iq_unified_manager","a",[378],{"version":379,"is_range":33,"range_type":380,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe",{"ecosystem":9,"name":382,"vendor":383,"product":384,"cpe_part":376,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":385},"spring security","vmware","spring_security",[386,389],{"version":387,"is_range":363,"range_type":380,"version_start":388,"version_start_type":366,"version_end":371,"version_end_type":368,"fixed_in":9},"gte5.6.0_lt5.6.9","5.6.0",{"version":390,"is_range":363,"range_type":380,"version_start":365,"version_start_type":366,"version_end":367,"version_end_type":368,"fixed_in":9},"gte5.7.0_lt5.7.5"]