A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the response_type parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code execution via the crafting of the value for response_type.