VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-bom@5.4.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-yeaf-ta2h-p7c1	Privilege escalation in spring security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.	CVE-2021-22112 GHSA-gq28-h5vg-8prx

Vulnerability

Summary

Aliases

VCID-yeaf-ta2h-p7c1

Privilege escalation in spring security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

CVE-2021-22112
GHSA-gq28-h5vg-8prx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:22:42.718722+00:00	GitLab Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.4.0
2026-04-11T22:35:19.497329+00:00	GitLab Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.3.0
2026-04-02T22:46:24.909920+00:00	GitLab Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.1.0
2026-04-02T16:56:38.867039+00:00	GHSA Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://github.com/advisories/GHSA-gq28-h5vg-8prx	38.1.0
2026-04-01T17:04:18.789730+00:00	GitLab Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-bom/CVE-2021-22112.yml	38.0.0
2026-04-01T13:02:58.851237+00:00	GithubOSV Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-gq28-h5vg-8prx/GHSA-gq28-h5vg-8prx.json	38.0.0