VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-core@5.5.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-2b4h-659w-77ak Aliases: CVE-2024-38827 GHSA-q3v6-hm2v-pw99	The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.	5.7.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.8.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.0.14 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.8 Affected by 0 other vulnerabilities. 6.3.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-e8tz-73s8-myct Aliases: CVE-2024-22257 GHSA-f3jh-qvm4-mg39	In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.	5.7.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.8.11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.1.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.2.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2b4h-659w-77ak
Aliases:
CVE-2024-38827
GHSA-q3v6-hm2v-pw99

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

5.7.14
Affected by 1 other vulnerability.

5.8.16
Affected by 1 other vulnerability.

6.0.14
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

6.2.8
Affected by 0 other vulnerabilities.

6.3.5
Affected by 1 other vulnerability.

VCID-e8tz-73s8-myct
Aliases:
CVE-2024-22257
GHSA-f3jh-qvm4-mg39

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

5.7.12
Affected by 2 other vulnerabilities.

5.8.11
Affected by 2 other vulnerabilities.

6.1.8
Affected by 1 other vulnerability.

6.2.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-ctuz-c8x2-z7df		CVE-2022-22976 GHSA-wx54-3278-m5g4
VCID-zzwy-h4sw-4qdk		CVE-2022-22978 GHSA-hh32-7344-cg2f

Vulnerability

Summary

Aliases

VCID-ctuz-c8x2-z7df

CVE-2022-22976
GHSA-wx54-3278-m5g4

VCID-zzwy-h4sw-4qdk

CVE-2022-22978
GHSA-hh32-7344-cg2f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:47:35.834283+00:00	GitLab Importer	Affected by	VCID-2b4h-659w-77ak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-38827.yml	38.6.0
2026-06-12T19:23:25.002192+00:00	GitLab Importer	Affected by	VCID-e8tz-73s8-myct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-22257.yml	38.6.0
2026-06-12T18:16:09.301024+00:00	GitLab Importer	Fixing	VCID-ctuz-c8x2-z7df	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2022-22976.yml	38.6.0
2026-06-12T08:23:30.917785+00:00	GithubOSV Importer	Fixing	VCID-zzwy-h4sw-4qdk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh32-7344-cg2f/GHSA-hh32-7344-cg2f.json	38.6.0
2026-06-12T08:21:54.649143+00:00	GithubOSV Importer	Fixing	VCID-ctuz-c8x2-z7df	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wx54-3278-m5g4/GHSA-wx54-3278-m5g4.json	38.6.0