Authorization Bypass Affecting Open this link in a new tab package, versions [,5.5.7) [5.6.0 ,5.6.4)

  • Exploit Maturity

    Proof of concept

  • Attack Complexity


  • Confidentiality


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    18 May 2022

  • disclosed

    18 May 2022

  • credit

    Hiroki Nishino, Toshiki Sasazaki, Yoshinori Hayashi, Jonghwan Kim

How to fix?

Upgrade to version 5.5.7, 5.6.4 or higher.

Overview is a package within Spring Security that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Authorization Bypass via the RegexRequestMatcher class, which can easily be misconfigured to be bypassed on some servlet containers when it is used with . in the regular expression.