GHSA-cxrj-66c5-9fmh

Suggest an improvement
Source
https://github.com/advisories/GHSA-cxrj-66c5-9fmh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-cxrj-66c5-9fmh/GHSA-cxrj-66c5-9fmh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-cxrj-66c5-9fmh
Aliases
Published
2018-10-17T20:05:49Z
Modified
2024-03-14T21:08:21Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Details

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Database specific
{
    "nvd_published_at": "2018-05-11T20:29:00Z",
    "cwe_ids": [
        "CWE-863"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:33:19Z"
}
References

Affected packages

Maven / org.springframework:spring-core

Package

Name
org.springframework:spring-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.5.RELEASE
Fixed
5.0.6.RELEASE

Affected versions

5.*

5.0.5.RELEASE