Описание
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Уязвимость компонента mvcRequestMatche Java-фреймворка для обеспечения безопасности промышленных приложений Spring Security, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
EPSS
7.5 High
CVSS3