Vulnerabilities > Vmware > Spring Security > 5.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-34034 | Unspecified vulnerability in VMWare Spring Security Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | 9.8 |
2023-04-19 | CVE-2023-20862 | Incomplete Cleanup vulnerability in multiple products In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. | 6.3 |
2022-10-31 | CVE-2022-31690 | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. | 8.1 |
2022-10-31 | CVE-2022-31692 | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. | 9.8 |