cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38827,https://securityvulnerability.io/vulnerability/CVE-2024-38827,Authorization Rules May Not Work Properly Due to Locale-Dependent Exceptions in Java,The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.,Spring By Vmware Tanzu,Spring Security,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T14:32:12.471Z,0
CVE-2023-34034,https://securityvulnerability.io/vulnerability/CVE-2023-34034,Security Bypass in Spring Security for WebFlux by Vendor Spring,"A mismatch in pattern matching between Spring Security and Spring WebFlux arises when using '**' as a pattern in the Spring Security configuration. This vulnerability could potentially allow for a security bypass, exposing applications to unauthorized access and other security risks. Developers and administrators are advised to review their configurations and apply the necessary mitigations as outlined by the vendor.",Vmware,Spring Security,9.8,CRITICAL,0.0024900001008063555,false,false,false,true,true,false,false,2023-07-19T15:15:00.000Z,0
CVE-2023-34035,https://securityvulnerability.io/vulnerability/CVE-2023-34035,Authorization Rule Misconfiguration in Spring Security by Pivotal Software,"Spring Security versions prior to 5.8.5, 6.0.5, and 6.1.2 contain a vulnerability that may allow for authorization rule misconfigurations. This primarily affects applications that utilize requestMatchers(String) with multiple servlets, including Spring MVC's DispatcherServlet. The application is at risk if it includes Spring MVC on the classpath and secures multiple servlets but does not restrict request matchers to only Spring MVC endpoints. Conversely, applications free of Spring MVC, or that secure only the DispatcherServlet with proper request matchers, are not affected.",Vmware,Spring Security,7.3,HIGH,0.0007300000288523734,false,false,false,true,true,false,false,2023-07-18T16:15:00.000Z,0
CVE-2023-20862,https://securityvulnerability.io/vulnerability/CVE-2023-20862,,"In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.",Vmware,Spring Security,6.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-04-19T00:00:00.000Z,0
CVE-2022-31690,https://securityvulnerability.io/vulnerability/CVE-2022-31690,,"Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",Vmware,Spring Security,8.1,HIGH,0.002409999957308173,false,false,false,false,,false,false,2022-10-31T00:00:00.000Z,0
CVE-2022-22976,https://securityvulnerability.io/vulnerability/CVE-2022-22976,,"Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.",Vmware,Spring Security,5.3,MEDIUM,0.0011500000255182385,false,false,false,true,true,false,false,2022-05-19T14:50:46.000Z,0
CVE-2022-22978,https://securityvulnerability.io/vulnerability/CVE-2022-22978,,"In spring security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",Vmware,Spring Security,9.8,CRITICAL,0.004370000213384628,false,false,false,true,true,false,false,2022-05-19T00:00:00.000Z,0
CVE-2021-22119,https://securityvulnerability.io/vulnerability/CVE-2021-22119,,"Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.",Vmware,Spring Security,7.5,HIGH,0.003909999970346689,false,false,false,true,true,false,false,2021-06-29T16:15:05.000Z,0
CVE-2021-22112,https://securityvulnerability.io/vulnerability/CVE-2021-22112,,"Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.",Vmware,Spring Security,8.8,HIGH,0.0026700000744313,false,false,false,false,,false,false,2021-02-23T18:48:02.000Z,0
CVE-2020-5408,https://securityvulnerability.io/vulnerability/CVE-2020-5408,Dictionary attack with Spring Security queryable text encryptor,"Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.",Spring By Vmware,Spring Security,6.5,MEDIUM,0.0013500000350177288,false,false,false,false,,false,false,2020-05-14T18:15:00.000Z,0
CVE-2020-5407,https://securityvulnerability.io/vulnerability/CVE-2020-5407,Signature Wrapping Vulnerability with spring-security-saml2-service-provider,"Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.",Spring By Vmware,Spring Security,8.8,HIGH,0.01155999954789877,false,false,false,false,,false,false,2020-05-13T00:00:00.000Z,0
CVE-2017-4995,https://securityvulnerability.io/vulnerability/CVE-2017-4995,,"An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known ""deserialization gadgets."" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) ""deserialization gadget"" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown ""deserialization gadgets"" when Spring Security enables default typing.",Vmware,Spring Security Spring Security 4.2.0.release 4.2.2.release And Spring Security 5.0.0.m1,8.1,HIGH,0.005080000031739473,false,false,false,false,,false,false,2017-11-27T10:00:00.000Z,0
CVE-2016-9879,https://securityvulnerability.io/vulnerability/CVE-2016-9879,,"An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded ""/"" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.",Vmware,"Pivotal Spring Security Before 3.2.10, 4.1.x Before 4.1.4, And 4.2.x Before 4.2.1",7.5,HIGH,0.0012100000167265534,false,false,false,false,,false,false,2017-01-06T22:00:00.000Z,0
CVE-2012-5055,https://securityvulnerability.io/vulnerability/CVE-2012-5055,,"DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.",Vmware,Springsource Spring Security,,,0.002730000065639615,false,false,false,false,,false,false,2012-12-05T17:55:00.000Z,0
CVE-2011-2732,https://securityvulnerability.io/vulnerability/CVE-2011-2732,,CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.,Vmware,Springsource Spring Security,,,0.00203999993391335,false,false,false,false,,false,false,2012-12-05T17:00:00.000Z,0
CVE-2011-2731,https://securityvulnerability.io/vulnerability/CVE-2011-2731,,"Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.",Vmware,Springsource Spring Security,,,0.00279000005684793,false,false,false,false,,false,false,2012-12-05T17:00:00.000Z,0
CVE-2011-2894,https://securityvulnerability.io/vulnerability/CVE-2011-2894,,"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",Vmware,"Spring Security,Spring Framework",,,0.015080000273883343,false,false,false,true,true,false,false,2011-10-04T10:00:00.000Z,0