Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cden-3spy-pyhz
Aliases: CVE-2022-22976 GHSA-wx54-3278-m5g4 |
Integer overflow in BCrypt class in Spring Security Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-dwcq-d6nf-1ubn
Aliases: CVE-2024-22257 GHSA-f3jh-qvm4-mg39 |
Erroneous authentication pass in Spring Security In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. Specifically, an application is vulnerable if: The application uses AuthenticatedVoter directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticatedVoter#vote directly. * The application does not pass null to AuthenticatedVoter#vote. Note that AuthenticatedVoter is deprecated since 5.8, use implementations of AuthorizationManager as a replacement. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-f3g5-hamr-6yar
Aliases: CVE-2019-3795 GHSA-v2r2-7qm7-jj6v |
Insufficient Entropy in PRNG Spring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. |
Affected by 1 other vulnerability. Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-hedq-eav6-4fee
Aliases: CVE-2020-5408 GHSA-2ppp-9496-p23q |
Insufficient Entropy in Spring Security Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-pz7c-p4ze-kfhc
Aliases: CVE-2019-11272 GHSA-v33x-prhc-gph5 |
PlaintextPasswordEncoder authenticates encoded passwords that are null Spring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-qpxj-fzta-v7bs
Aliases: CVE-2018-1199 GHSA-v596-fwhq-8x48 |
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-u6vb-w2bu-ykfk
Aliases: CVE-2024-38827 GHSA-q3v6-hm2v-pw99 |
Spring Framework has Authorization Bypass for Case Sensitive Comparisons The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-yeaf-ta2h-p7c1
Aliases: CVE-2021-22112 GHSA-gq28-h5vg-8prx |
Privilege escalation in spring security Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xdnd-ar9s-afd8 | An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. |
CVE-2017-4995
GHSA-vhrg-v3cv-p247 |