VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-bom@5.1.6.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-yeaf-ta2h-p7c1 Aliases: CVE-2021-22112 GHSA-gq28-h5vg-8prx	Privilege escalation in spring security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.	5.2.9 Affected by 0 other vulnerabilities. 5.2.9.RELEASE Affected by 0 other vulnerabilities. 5.3.8 Affected by 0 other vulnerabilities. 5.3.9 Affected by 0 other vulnerabilities. 5.3.9.RELEASE Affected by 0 other vulnerabilities. 5.4.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-yeaf-ta2h-p7c1
Aliases:
CVE-2021-22112
GHSA-gq28-h5vg-8prx

Privilege escalation in spring security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

5.2.9
Affected by 0 other vulnerabilities.

5.2.9.RELEASE
Affected by 0 other vulnerabilities.

5.3.8
Affected by 0 other vulnerabilities.

5.3.9
Affected by 0 other vulnerabilities.

5.3.9.RELEASE
Affected by 0 other vulnerabilities.

5.4.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:22:42.599500+00:00	GitLab Importer	Affected by	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.4.0
2026-04-11T22:35:19.357238+00:00	GitLab Importer	Affected by	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.3.0
2026-04-02T22:46:24.787616+00:00	GitLab Importer	Affected by	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.1.0
2026-04-01T17:04:18.617849+00:00	GitLab Importer	Affected by	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.0.0