Vulnerabilities > Vmware > Spring Security > 5.4.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-19 | CVE-2022-22976 | Integer Overflow or Wraparound vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. | 5.3 |
2022-05-19 | CVE-2022-22978 | Incorrect Authorization vulnerability in multiple products In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. | 9.8 |
2021-06-29 | CVE-2021-22119 | Incorrect Authorization vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. | 7.5 |
2021-02-23 | CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). | 8.8 |