QID 997766
Date Published: 2024-03-19
QID 997766: Java (Maven) Security Update for org.springframework.security:spring-security-core (GHSA-f3jh-qvm4-mg39)
In Spring Security versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly calls AuthenticatedVoter#vote with a null Authentication parameter.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to GitHub security advisory GHSA-f3jh-qvm4-mg39 for updates and patch information.
Vendor References
- GHSA-f3jh-qvm4-mg39 - github.com/advisories/GHSA-f3jh-qvm4-mg39
CVEs related to QID 997766
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-f3jh-qvm4-mg39 | org.springframework.security:spring-security-core | | |