Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-config@5.8.1
Typemaven
Namespaceorg.springframework.security
Namespring-security-config
Version5.8.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.5
Latest_non_vulnerable_version6.1.4
Affected_by_vulnerabilities
0
url VCID-7ceg-a9bh-fkau
vulnerability_id VCID-7ceg-a9bh-fkau
summary 
Incorrect Authorization
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)

Specifically, an application is vulnerable when all of the following are true:

 * Spring MVC is on the classpath
 * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet)
 * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints


An application is not vulnerable if any of the following is true:

 * The application does not have Spring MVC on the classpath
 * The application secures no servlets other than Spring MVC’s DispatcherServlet
 * The application uses requestMatchers(String) only for Spring MVC endpoints
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34035
reference_id
reference_type
scores
0
value 0.02176
scoring_system epss
scoring_elements 0.8428
published_at 2026-04-02T12:55:00Z
1
value 0.02176
scoring_system epss
scoring_elements 0.84345
published_at 2026-04-11T12:55:00Z
2
value 0.02176
scoring_system epss
scoring_elements 0.84327
published_at 2026-04-09T12:55:00Z
3
value 0.02176
scoring_system epss
scoring_elements 0.84321
published_at 2026-04-08T12:55:00Z
4
value 0.02176
scoring_system epss
scoring_elements 0.84299
published_at 2026-04-07T12:55:00Z
5
value 0.02472
scoring_system epss
scoring_elements 0.85275
published_at 2026-04-12T12:55:00Z
6
value 0.02472
scoring_system epss
scoring_elements 0.85291
published_at 2026-04-21T12:55:00Z
7
value 0.02472
scoring_system epss
scoring_elements 0.85294
published_at 2026-04-18T12:55:00Z
8
value 0.02472
scoring_system epss
scoring_elements 0.85293
published_at 2026-04-16T12:55:00Z
9
value 0.02472
scoring_system epss
scoring_elements 0.85272
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34035
1
reference_url https://github.com/spring-projects/spring-security/commit/bb46a5427005e33e637b15948de8adae244ce547
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/bb46a5427005e33e637b15948de8adae244ce547
2
reference_url https://github.com/spring-projects/spring-security/commit/df239b6448ccf138b0c95b5575a88f33ac35cd9a
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/df239b6448ccf138b0c95b5575a88f33ac35cd9a
3
reference_url https://github.com/spring-projects/spring-security-samples/commit/4e3bec904a5467db28ea33e25ac9d90524b53d66
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security-samples/commit/4e3bec904a5467db28ea33e25ac9d90524b53d66
4
reference_url https://github.com/spring-projects/spring-security-samples/tree/main/servlet/java-configuration/authentication/preauth
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security-samples/tree/main/servlet/java-configuration/authentication/preauth
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34035
reference_id CVE-2023-34035
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34035
6
reference_url https://spring.io/security/cve-2023-34035
reference_id CVE-2023-34035
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T15:47:27Z/
url https://spring.io/security/cve-2023-34035
7
reference_url https://github.com/advisories/GHSA-4vpr-xfrp-cj64
reference_id GHSA-4vpr-xfrp-cj64
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vpr-xfrp-cj64
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-config@5.8.5
purl pkg:maven/org.springframework.security/spring-security-config@5.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@5.8.5
1
url pkg:maven/org.springframework.security/spring-security-config@6.0.5
purl pkg:maven/org.springframework.security/spring-security-config@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.0.5
2
url pkg:maven/org.springframework.security/spring-security-config@6.1.2
purl pkg:maven/org.springframework.security/spring-security-config@6.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.1.2
aliases CVE-2023-34035, GHSA-4vpr-xfrp-cj64
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ceg-a9bh-fkau
1
url VCID-8dx4-u4aa-xuet
vulnerability_id VCID-8dx4-u4aa-xuet
summary 
Improper Handling of Inconsistent Structural Elements
Using "**" as a pattern in Spring Security configuration 
for WebFlux creates a mismatch in pattern matching between Spring 
Security and Spring WebFlux, and the potential for a security bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34034.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34034
reference_id
reference_type
scores
0
value 0.47909
scoring_system epss
scoring_elements 0.97726
published_at 2026-04-21T12:55:00Z
1
value 0.47909
scoring_system epss
scoring_elements 0.97702
published_at 2026-04-02T12:55:00Z
2
value 0.47909
scoring_system epss
scoring_elements 0.97704
published_at 2026-04-04T12:55:00Z
3
value 0.47909
scoring_system epss
scoring_elements 0.97703
published_at 2026-04-07T12:55:00Z
4
value 0.47909
scoring_system epss
scoring_elements 0.97708
published_at 2026-04-08T12:55:00Z
5
value 0.47909
scoring_system epss
scoring_elements 0.97711
published_at 2026-04-09T12:55:00Z
6
value 0.47909
scoring_system epss
scoring_elements 0.97714
published_at 2026-04-11T12:55:00Z
7
value 0.47909
scoring_system epss
scoring_elements 0.97716
published_at 2026-04-12T12:55:00Z
8
value 0.47909
scoring_system epss
scoring_elements 0.97718
published_at 2026-04-13T12:55:00Z
9
value 0.47909
scoring_system epss
scoring_elements 0.97723
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34034
2
reference_url https://security.netapp.com/advisory/ntap-20230814-0008
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230814-0008
3
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5777893
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5777893
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241271
reference_id 2241271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241271
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34034
reference_id CVE-2023-34034
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34034
6
reference_url https://ossindex.sonatype.org/vulnerability/CVE-2023-34034
reference_id CVE-2023-34034
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://ossindex.sonatype.org/vulnerability/CVE-2023-34034
7
reference_url https://spring.io/security/cve-2023-34034
reference_id CVE-2023-34034
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-28T14:34:24Z/
url https://spring.io/security/cve-2023-34034
8
reference_url https://github.com/advisories/GHSA-3h6f-g5f3-gc4w
reference_id GHSA-3h6f-g5f3-gc4w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h6f-g5f3-gc4w
9
reference_url https://security.netapp.com/advisory/ntap-20230814-0008/
reference_id ntap-20230814-0008
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-28T14:34:24Z/
url https://security.netapp.com/advisory/ntap-20230814-0008/
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-config@5.8.5
purl pkg:maven/org.springframework.security/spring-security-config@5.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@5.8.5
1
url pkg:maven/org.springframework.security/spring-security-config@6.0.5
purl pkg:maven/org.springframework.security/spring-security-config@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.0.5
2
url pkg:maven/org.springframework.security/spring-security-config@6.1.2
purl pkg:maven/org.springframework.security/spring-security-config@6.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.1.2
aliases CVE-2023-34034, GHSA-3h6f-g5f3-gc4w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8dx4-u4aa-xuet
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@5.8.1