Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-core@6.3.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4ebc-ngad-mqa6
Aliases: CVE-2025-22234 GHSA-vqxh-445g-37fc |
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:07:49.125618+00:00 | GHSA Importer | Affected by | VCID-4ebc-ngad-mqa6 | https://github.com/advisories/GHSA-vqxh-445g-37fc | 38.0.0 |
| 2026-04-01T12:52:16.956418+00:00 | GithubOSV Importer | Affected by | VCID-4ebc-ngad-mqa6 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-vqxh-445g-37fc/GHSA-vqxh-445g-37fc.json | 38.0.0 |