Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@5.4.7
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version5.4.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.7.14
Latest_non_vulnerable_version6.5.4
Affected_by_vulnerabilities
0
url VCID-cden-3spy-pyhz
vulnerability_id VCID-cden-3spy-pyhz
summary 
Integer overflow in BCrypt class in Spring Security
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22976.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22976.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22976
reference_id
reference_type
scores
0
value 0.0036
scoring_system epss
scoring_elements 0.58221
published_at 2026-04-18T12:55:00Z
1
value 0.0036
scoring_system epss
scoring_elements 0.58218
published_at 2026-04-16T12:55:00Z
2
value 0.0036
scoring_system epss
scoring_elements 0.58186
published_at 2026-04-13T12:55:00Z
3
value 0.0036
scoring_system epss
scoring_elements 0.58207
published_at 2026-04-12T12:55:00Z
4
value 0.0036
scoring_system epss
scoring_elements 0.5823
published_at 2026-04-11T12:55:00Z
5
value 0.0036
scoring_system epss
scoring_elements 0.58213
published_at 2026-04-09T12:55:00Z
6
value 0.0036
scoring_system epss
scoring_elements 0.5821
published_at 2026-04-08T12:55:00Z
7
value 0.0036
scoring_system epss
scoring_elements 0.58156
published_at 2026-04-07T12:55:00Z
8
value 0.0036
scoring_system epss
scoring_elements 0.58182
published_at 2026-04-04T12:55:00Z
9
value 0.0036
scoring_system epss
scoring_elements 0.58161
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22976
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/388a7b62b906bd56deadb7ca45248fa1a63bdf12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/388a7b62b906bd56deadb7ca45248fa1a63bdf12
4
reference_url https://github.com/spring-projects/spring-security/commit/a40f73521c0dd88b879ff6165d280e78bdf8154f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/a40f73521c0dd88b879ff6165d280e78bdf8154f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22976
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22976
6
reference_url https://security.netapp.com/advisory/ntap-20220707-0003
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220707-0003
7
reference_url https://tanzu.vmware.com/security/cve-2022-22976
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22976
8
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087214
reference_id 2087214
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087214
10
reference_url https://github.com/advisories/GHSA-wx54-3278-m5g4
reference_id GHSA-wx54-3278-m5g4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx54-3278-m5g4
11
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
12
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.5.7
purl pkg:maven/org.springframework.security/spring-security-core@5.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dwcq-d6nf-1ubn
1
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.5.7
1
url pkg:maven/org.springframework.security/spring-security-core@5.6.4
purl pkg:maven/org.springframework.security/spring-security-core@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dx4-u4aa-xuet
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.6.4
aliases CVE-2022-22976, GHSA-wx54-3278-m5g4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cden-3spy-pyhz
1
url VCID-dwcq-d6nf-1ubn
vulnerability_id VCID-dwcq-d6nf-1ubn
summary 
Erroneous authentication pass in Spring Security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

Specifically, an application is vulnerable if:

The application uses AuthenticatedVoter directly and a null authentication parameter is passed to it resulting in an erroneous true return value.

An application is not vulnerable if any of the following is true:

* The application does not use AuthenticatedVoter#vote directly.
* The application does not pass null to AuthenticatedVoter#vote.

Note that AuthenticatedVoter is deprecated since 5.8, use implementations of AuthorizationManager as a replacement.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22257.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22257.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22257
reference_id
reference_type
scores
0
value 0.00264
scoring_system epss
scoring_elements 0.49797
published_at 2026-04-18T12:55:00Z
1
value 0.00264
scoring_system epss
scoring_elements 0.49751
published_at 2026-04-13T12:55:00Z
2
value 0.00264
scoring_system epss
scoring_elements 0.4975
published_at 2026-04-12T12:55:00Z
3
value 0.00264
scoring_system epss
scoring_elements 0.49778
published_at 2026-04-11T12:55:00Z
4
value 0.00264
scoring_system epss
scoring_elements 0.49765
published_at 2026-04-08T12:55:00Z
5
value 0.00264
scoring_system epss
scoring_elements 0.4971
published_at 2026-04-07T12:55:00Z
6
value 0.00264
scoring_system epss
scoring_elements 0.49759
published_at 2026-04-09T12:55:00Z
7
value 0.00264
scoring_system epss
scoring_elements 0.49732
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22257
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/5a7f12f1a9fdb4edaab6f61495f1d781a7273b61
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/5a7f12f1a9fdb4edaab6f61495f1d781a7273b61
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22257
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22257
5
reference_url https://security.netapp.com/advisory/ntap-20240419-0005
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240419-0005
6
reference_url https://spring.io/security/cve-2024-22257
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:22:14Z/
url https://spring.io/security/cve-2024-22257
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270158
reference_id 2270158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270158
8
reference_url https://github.com/advisories/GHSA-f3jh-qvm4-mg39
reference_id GHSA-f3jh-qvm4-mg39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3jh-qvm4-mg39
9
reference_url https://security.netapp.com/advisory/ntap-20240419-0005/
reference_id ntap-20240419-0005
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:22:14Z/
url https://security.netapp.com/advisory/ntap-20240419-0005/
10
reference_url https://access.redhat.com/errata/RHSA-2024:3708
reference_id RHSA-2024:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3708
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.7.12
purl pkg:maven/org.springframework.security/spring-security-core@5.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.7.12
1
url pkg:maven/org.springframework.security/spring-security-core@5.8.11
purl pkg:maven/org.springframework.security/spring-security-core@5.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.8.11
2
url pkg:maven/org.springframework.security/spring-security-core@6.1.8
purl pkg:maven/org.springframework.security/spring-security-core@6.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.1.8
3
url pkg:maven/org.springframework.security/spring-security-core@6.2.3
purl pkg:maven/org.springframework.security/spring-security-core@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.2.3
aliases CVE-2024-22257, GHSA-f3jh-qvm4-mg39
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwcq-d6nf-1ubn
2
url VCID-u6vb-w2bu-ykfk
vulnerability_id VCID-u6vb-w2bu-ykfk
summary 
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38827.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38827
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52729
published_at 2026-04-18T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52722
published_at 2026-04-16T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.52653
published_at 2026-04-04T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.52683
published_at 2026-04-13T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.52698
published_at 2026-04-12T12:55:00Z
5
value 0.00294
scoring_system epss
scoring_elements 0.52715
published_at 2026-04-11T12:55:00Z
6
value 0.00294
scoring_system epss
scoring_elements 0.52664
published_at 2026-04-09T12:55:00Z
7
value 0.00294
scoring_system epss
scoring_elements 0.5267
published_at 2026-04-08T12:55:00Z
8
value 0.00294
scoring_system epss
scoring_elements 0.5262
published_at 2026-04-07T12:55:00Z
9
value 0.00294
scoring_system epss
scoring_elements 0.52627
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38827
2
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework
3
reference_url https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
4
reference_url https://github.com/spring-projects/spring-framework/issues/33708
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/33708
5
reference_url https://github.com/spring-projects/spring-framework/issues/34232
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/34232
6
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38827
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38827
8
reference_url https://security.netapp.com/advisory/ntap-20250124-0007
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250124-0007
9
reference_url https://spring.io/security/cve-2024-38827
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T15:27:02Z/
url https://spring.io/security/cve-2024-38827
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329971
reference_id 2329971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329971
11
reference_url https://github.com/advisories/GHSA-q3v6-hm2v-pw99
reference_id GHSA-q3v6-hm2v-pw99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3v6-hm2v-pw99
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.7.14
purl pkg:maven/org.springframework.security/spring-security-core@5.7.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.7.14
1
url pkg:maven/org.springframework.security/spring-security-core@5.8.16
purl pkg:maven/org.springframework.security/spring-security-core@5.8.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.8.16
2
url pkg:maven/org.springframework.security/spring-security-core@6.0.14
purl pkg:maven/org.springframework.security/spring-security-core@6.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.0.14
3
url pkg:maven/org.springframework.security/spring-security-core@6.1.12
purl pkg:maven/org.springframework.security/spring-security-core@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.1.12
4
url pkg:maven/org.springframework.security/spring-security-core@6.2.8
purl pkg:maven/org.springframework.security/spring-security-core@6.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.2.8
5
url pkg:maven/org.springframework.security/spring-security-core@6.3.5
purl pkg:maven/org.springframework.security/spring-security-core@6.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.3.5
aliases CVE-2024-38827, GHSA-q3v6-hm2v-pw99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6vb-w2bu-ykfk
Fixing_vulnerabilities
0
url VCID-ykkv-ahjn-d7eb
vulnerability_id VCID-ykkv-ahjn-d7eb
summary 
Incorrect Authorization
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
reference_id
reference_type
scores
0
value 0.04895
scoring_system epss
scoring_elements 0.89607
published_at 2026-04-18T12:55:00Z
1
value 0.04895
scoring_system epss
scoring_elements 0.89605
published_at 2026-04-16T12:55:00Z
2
value 0.04895
scoring_system epss
scoring_elements 0.89598
published_at 2026-04-12T12:55:00Z
3
value 0.04895
scoring_system epss
scoring_elements 0.89599
published_at 2026-04-11T12:55:00Z
4
value 0.04895
scoring_system epss
scoring_elements 0.89592
published_at 2026-04-13T12:55:00Z
5
value 0.04895
scoring_system epss
scoring_elements 0.89587
published_at 2026-04-08T12:55:00Z
6
value 0.04895
scoring_system epss
scoring_elements 0.8957
published_at 2026-04-07T12:55:00Z
7
value 0.04895
scoring_system epss
scoring_elements 0.89557
published_at 2026-04-02T12:55:00Z
8
value 0.04895
scoring_system epss
scoring_elements 0.89553
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/pull/9513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/pull/9513
4
reference_url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
reference_id 1977064
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
14
reference_url https://tanzu.vmware.com/security/cve-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22119
15
reference_url https://github.com/advisories/GHSA-w9jg-gvgr-354m
reference_id GHSA-w9jg-gvgr-354m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9jg-gvgr-354m
16
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.2.11
purl pkg:maven/org.springframework.security/spring-security-core@5.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.2.11
1
url pkg:maven/org.springframework.security/spring-security-core@5.2.11.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.2.11.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.2.11.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-core@5.3.10
purl pkg:maven/org.springframework.security/spring-security-core@5.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.10
3
url pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
4
url pkg:maven/org.springframework.security/spring-security-core@5.4.7
purl pkg:maven/org.springframework.security/spring-security-core@5.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.7
5
url pkg:maven/org.springframework.security/spring-security-core@5.5.1
purl pkg:maven/org.springframework.security/spring-security-core@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.5.1
aliases CVE-2021-22119, GHSA-w9jg-gvgr-354m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkv-ahjn-d7eb
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.7