VMware

Spring Security

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.57%
  • Veröffentlicht 18.07.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 08:06:26

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s ...

  • EPSS 0.65%
  • Veröffentlicht 19.04.2023 20:15:10
  • Zuletzt bearbeitet 05.02.2025 16:15:33

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to exp...

  • EPSS 3.43%
  • Veröffentlicht 31.10.2022 20:15:12
  • Zuletzt bearbeitet 06.05.2025 16:15:23

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The applica...

  • EPSS 1.01%
  • Veröffentlicht 31.10.2022 20:15:12
  • Zuletzt bearbeitet 08.05.2025 19:15:52

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (v...

  • EPSS 10.04%
  • Veröffentlicht 19.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:47:43

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular ex...

  • EPSS 2.14%
  • Veröffentlicht 19.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:47:43

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt roun...

  • EPSS 6%
  • Veröffentlicht 29.06.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:32

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and We...

  • EPSS 3.2%
  • Veröffentlicht 23.02.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:49:31

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause th...

  • EPSS 1.59%
  • Veröffentlicht 14.05.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:34:06

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A ...

  • EPSS 1.37%
  • Veröffentlicht 26.06.2019 14:15:09
  • Zuletzt bearbeitet 12.09.2025 19:44:04

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user...