Описание
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
EPSS
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
When applications specify HTTP response headers for servlet applicatio ...
Spring Security HTTP Headers Are not Written Under Some Conditions
Уязвимость Java-фреймворка для обеспечения безопасности промышленных приложений Spring Security, связанная с использованием небезопасной прямой ссылкой на объект, позволяющая нарушителю выполнить произвольный код
EPSS
9.1 Critical
CVSS3