VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-core@3.2.8.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-46dm-5t83-tyh6 Aliases: CVE-2016-5007 GHSA-8crv-49fr-2h6j	Spring Security / MVC Path Matching Inconsistency This package rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.	4.1.1 Affected by 0 other vulnerabilities. 4.1.1.RELEASE Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-aygn-9njz-ybfh Aliases: CVE-2016-9879 GHSA-v35c-49j6-q8hq	Encoded "/" in path variables This package does not consider URL path parameters when processing security constraints.Users of IBM WebSphere Application Server `8.5.x` are known to be affected. Users of other containers that implement the Servlet specification may be affected.	3.2.10.RELEASE Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.4.RELEASE Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.1.RELEASE Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vh4r-sk3t-eqe3 Aliases: CVE-2021-22112 GHSA-gq28-h5vg-8prx	privilege escalation	5.2.9 Affected by 0 other vulnerabilities. 5.2.9.RELEASE Affected by 0 other vulnerabilities. 5.3.9 Affected by 0 other vulnerabilities. 5.3.9.RELEASE Affected by 0 other vulnerabilities. 5.4.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-46dm-5t83-tyh6
Aliases:
CVE-2016-5007
GHSA-8crv-49fr-2h6j

Spring Security / MVC Path Matching Inconsistency This package rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

4.1.1
Affected by 0 other vulnerabilities.

4.1.1.RELEASE
Affected by 4 other vulnerabilities.

VCID-aygn-9njz-ybfh
Aliases:
CVE-2016-9879
GHSA-v35c-49j6-q8hq

Encoded "/" in path variables This package does not consider URL path parameters when processing security constraints.Users of IBM WebSphere Application Server `8.5.x` are known to be affected. Users of other containers that implement the Servlet specification may be affected.

3.2.10.RELEASE
Affected by 2 other vulnerabilities.

4.1.4.RELEASE
Affected by 3 other vulnerabilities.

4.2.1.RELEASE
Affected by 6 other vulnerabilities.

VCID-vh4r-sk3t-eqe3
Aliases:
CVE-2021-22112
GHSA-gq28-h5vg-8prx

privilege escalation

5.2.9
Affected by 0 other vulnerabilities.

5.2.9.RELEASE
Affected by 0 other vulnerabilities.

5.3.9
Affected by 0 other vulnerabilities.

5.3.9.RELEASE
Affected by 0 other vulnerabilities.

5.4.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:45:17.704332+00:00	GitLab Importer	Affected by	VCID-vh4r-sk3t-eqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2021-22112.yml	38.6.0
2026-06-04T20:08:06.631190+00:00	GitLab Importer	Affected by	VCID-46dm-5t83-tyh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2016-5007.yml	38.6.0
2026-06-04T20:07:25.808311+00:00	GitLab Importer	Affected by	VCID-aygn-9njz-ybfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2016-9879.yml	38.6.0
2026-06-04T18:23:35.102029+00:00	GHSA Importer	Affected by	VCID-46dm-5t83-tyh6	https://github.com/advisories/GHSA-8crv-49fr-2h6j	38.6.0