org.springframework.security:spring-security-config@5.0.2.RELEASE vulnerabilities
-
latest version
6.3.3
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
3 months ago
-
licenses detected
- [3.0.0.RELEASE,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.springframework.security:spring-security-config package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Authorization Bypass due to the use of How to fix Authorization Bypass? Upgrade |
[,5.7.14)
[5.8.0,5.8.16)
[6.2.0,6.2.8)
[6.3.0,6.3.5)
|
org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Access Restriction Bypass. It does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. How to fix Access Restriction Bypass? Upgrade |
[4.1.0.RELEASE,4.1.5.RELEASE)
[4.2.0.RELEASE,4.2.4.RELEASE)
[5.0.0.RELEASE,5.0.3.RELEASE)
|