VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-core@6.0.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-2b4h-659w-77ak Aliases: CVE-2024-38827 GHSA-q3v6-hm2v-pw99	The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.	6.0.14 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.8 Affected by 0 other vulnerabilities. 6.3.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-e8tz-73s8-myct Aliases: CVE-2024-22257 GHSA-f3jh-qvm4-mg39	In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.	6.1.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.2.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2b4h-659w-77ak
Aliases:
CVE-2024-38827
GHSA-q3v6-hm2v-pw99

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

6.0.14
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

6.2.8
Affected by 0 other vulnerabilities.

6.3.5
Affected by 1 other vulnerability.

VCID-e8tz-73s8-myct
Aliases:
CVE-2024-22257
GHSA-f3jh-qvm4-mg39

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

6.1.8
Affected by 1 other vulnerability.

6.2.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-bc13-cmhx-dbcj	The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.	CVE-2023-34042 GHSA-9gp8-6cg8-7h34

Vulnerability

Summary

Aliases

VCID-bc13-cmhx-dbcj

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

CVE-2023-34042
GHSA-9gp8-6cg8-7h34

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:47:35.956979+00:00	GitLab Importer	Affected by	VCID-2b4h-659w-77ak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-38827.yml	38.6.0
2026-06-12T19:23:25.215593+00:00	GitLab Importer	Affected by	VCID-e8tz-73s8-myct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-22257.yml	38.6.0
2026-06-12T15:48:01.022131+00:00	GitLab Importer	Fixing	VCID-bc13-cmhx-dbcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2023-34042.yml	38.6.0