Description
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | org.springframework.security/spring-security-core | Not affected | ||
| OpenShift Developer Tools and Services | spring-security-core | Affected | ||
| Red Hat build of Apache Camel for Spring Boot 4 | org.springframework.security/spring-security-core | Not affected | ||
| Red Hat build of Apache Camel - HawtIO 4 | org.springframework.security/spring-security-core | Affected | ||
| Red Hat Build of Keycloak | org.springframework.security/spring-security-core | Not affected | ||
| Red Hat Data Grid 8 | org.springframework.security/spring-security-core | Will not fix | ||
| Red Hat Fuse 7 | org.springframework.security/spring-security-core | Out of support scope | ||
| Red Hat Integration Camel K 1 | org.springframework.security/spring-security-core | Not affected | ||
| Red Hat JBoss Data Grid 7 | org.springframework.security/spring-security-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | org.springframework.security/spring-security-core | Not affected | ||
Additional information
Status:
Moderate
Defect:
CWE-639
https://bugzilla.redhat.com/show_bug.cgi?id=2329971
spring-security: authorization bypass for case sensitive comparisons
EPSS: 0.00288 (Low), percentile: 52%
CVSS3: 4.8 Medium
Related vulnerabilities
CVSS3: 4.8
nvd
about 1 year ago
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
CVSS3: 4.8
debian
about 1 year ago
The usage of String.toLowerCase() and String.toUpperCase() has some Loca ...
CVSS3: 4.8
github
about 1 year ago
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
CVSS3: 4.8
fstec
about 1 year ago
Vulnerability in the String.toLowerCase() and String.toUpperCase() functions of the Spring Security Java framework for securing enterprise applications, allowing an attacker to bypass the authorization process