Description
Access Control Bypass in Spring Security
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Packages
org.springframework.security:spring-security-config; affected versions: >= 5.6.0, < 5.6.12; fixed version: 5.6.12
org.springframework.security:spring-security-config; affected versions: >= 5.7.0, < 5.7.10; fixed version: 5.7.10
org.springframework.security:spring-security-config; affected versions: >= 5.8.0, < 5.8.5; fixed version: 5.8.5
org.springframework.security:spring-security-config; affected versions: >= 6.0.0, < 6.0.5; fixed version: 6.0.5
org.springframework.security:spring-security-config; affected versions: >= 6.1.0, < 6.1.2; fixed version: 6.1.2
Related vulnerabilities
A vulnerability in Spring Security, a Java framework for securing enterprise applications, related to the use of "**" as a pattern in the Spring Security configuration for WebFlux, which allows an attacker to bypass existing security restrictions