Vulnerability	Vulnerable Version
M Access Restriction Bypass Affected versions of this package are vulnerable to Access Restriction Bypass due to the `AuthenticationFilter` relying on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as `/api/foo;%2fapi%2fswagger`, the contains condition will hold and will return from the authentication filter without aborting the request. Note: The principal object will not be assigned and therefore the issue won't allow user impersonation. How to fix Access Restriction Bypass? Upgrade `us.springett:alpine` to version 1.10.4 or higher.	[,1.10.4)

Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass due to the AuthenticationFilter relying on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger, the contains condition will hold and will return from the authentication filter without aborting the request.

Note: The principal object will not be assigned and therefore the issue won't allow user impersonation.

How to fix Access Restriction Bypass?

Upgrade us.springett:alpine to version 1.10.4 or higher.

[,1.10.4)

Go back to all versions of this package