VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-core@5.3.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.springframework.security/spring-security-core@5.3.9

Essentials
History (2)

purl	pkg:maven/org.springframework.security/spring-security-core@5.3.9
Tags	Ghost

Next non-vulnerable version	5.7.14
Latest non-vulnerable version	6.5.4
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-ykkv-ahjn-d7eb Aliases: CVE-2021-22119 GHSA-w9jg-gvgr-354m	Incorrect Authorization Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.	5.3.10 Affected by 0 other vulnerabilities. 5.3.10.RELEASE Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.5.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ykkv-ahjn-d7eb
Aliases:
CVE-2021-22119
GHSA-w9jg-gvgr-354m

Incorrect Authorization Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

5.3.10
Affected by 0 other vulnerabilities.

5.3.10.RELEASE
Affected by 3 other vulnerabilities.

5.4.7
Affected by 3 other vulnerabilities.

5.5.1
Affected by 3 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:57:33.516149+00:00	GHSA Importer	Affected by	VCID-ykkv-ahjn-d7eb	https://github.com/advisories/GHSA-w9jg-gvgr-354m	38.1.0
2026-04-02T12:37:58.331765+00:00	GitLab Importer	Fixing	VCID-yeaf-ta2h-p7c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2021-22112.yml	38.0.0