Search for packages
| purl | pkg:maven/org.springframework.security/spring-security-core@6.1.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2b4h-659w-77ak
Aliases: CVE-2024-38827 GHSA-q3v6-hm2v-pw99 |
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-e8tz-73s8-myct | In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. |
CVE-2024-22257
GHSA-f3jh-qvm4-mg39 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:47:35.975473+00:00 | GitLab Importer | Affected by | VCID-2b4h-659w-77ak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-38827.yml | 38.6.0 |
| 2026-06-12T15:48:20.153821+00:00 | GitLab Importer | Fixing | VCID-e8tz-73s8-myct | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-22257.yml | 38.6.0 |
| 2026-06-12T07:43:07.190896+00:00 | GithubOSV Importer | Fixing | VCID-e8tz-73s8-myct | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-f3jh-qvm4-mg39/GHSA-f3jh-qvm4-mg39.json | 38.6.0 |
| 2026-06-11T20:34:14.079403+00:00 | GHSA Importer | Fixing | VCID-e8tz-73s8-myct | https://github.com/advisories/GHSA-f3jh-qvm4-mg39 | 38.6.0 |