| purl | pkg:maven/org.springframework.security/spring-security-core@4.1.5 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-hedq-eav6-4fee (Aliases: CVE-2020-5408, GHSA-2ppp-9496-p23q) | Insufficient Entropy in Spring Security. Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:36:43.982041+00:00 | GitLab Importer | Affected by | VCID-hedq-eav6-4fee | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2020-5408.yml | 38.0.0 |
| 2026-04-01T15:56:58.870648+00:00 | GHSA Importer | Fixing | VCID-qpxj-fzta-v7bs | https://github.com/advisories/GHSA-v596-fwhq-8x48 | 38.0.0 |
| 2026-04-01T13:03:21.910083+00:00 | GithubOSV Importer | Fixing | VCID-qpxj-fzta-v7bs | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-v596-fwhq-8x48/GHSA-v596-fwhq-8x48.json | 38.0.0 |