Package details: pkg:maven/org.springframework.security/spring-security-core@5.3.8.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.8.RELEASE
Next non-vulnerable version 5.5.7
Latest non-vulnerable version 7.0.5
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability: VCID-szph-1zgk-a7dt
Aliases: CVE-2022-22976, GHSA-wx54-3278-m5g4
Summary: springframework: BCrypt skips salt rounds for work factor of 31
Fixed by:
  5.5.7 (Affected by 0 other vulnerabilities.)
  5.6.4 (Affected by 1 other vulnerability.)

Vulnerability: VCID-ux7y-j3kn-b7fg
Aliases: CVE-2021-22119, GHSA-w9jg-gvgr-354m
Summary: Incorrect Authorization. Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
Fixed by:
  5.3.10 (Affected by 0 other vulnerabilities.)
  5.3.10.RELEASE (Affected by 1 other vulnerability.)
  5.4.7 (Affected by 1 other vulnerability.)
  5.5.1 (Affected by 1 other vulnerability.)

Vulnerability: VCID-vh4r-sk3t-eqe3
Aliases: CVE-2021-22112, GHSA-gq28-h5vg-8prx
Summary: privilege escalation
Fixed by:
  5.3.9 (Affected by 0 other vulnerabilities.)
  5.3.9.RELEASE (Affected by 2 other vulnerabilities.)
  5.4.4 (Affected by 2 other vulnerabilities.)

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.