Description
Spring Security HTTP Headers Are not Written Under Some Conditions
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
Packages
org.springframework.security:spring-security-web
<= 5.7.14
None
org.springframework.security:spring-security-web
>= 5.8.0, <= 5.8.16
None
org.springframework.security:spring-security-web
>= 6.0.0, <= 6.3.10
None
org.springframework.security:spring-security-web
>= 6.4.0, <= 6.4.13
None
org.springframework.security:spring-security-web
>= 6.5.0, < 6.5.9
6.5.9
org.springframework.security:spring-security-web
>= 7.0.0, < 7.0.4
7.0.4
Related vulnerabilities
A vulnerability in Spring Security, a Java framework for securing enterprise applications, associated with the use of an insecure direct object reference, which allows an attacker to execute arbitrary code