pkg:Maven/org.springframework.security:spring-security-core

All known vulnerabilities

• CRITICAL9.8CVE-2022-31692Spring Security authorization rules can be bypassed via forward or include dispatcher types
  >= 5.7.0, < 5.7.5
• CRITICAL9.8CVE-2022-22978Authorization bypass in Spring Security
  >= 5.5.0, < 5.5.7
• CRITICAL9.8Authorization Bypass in Spring Security
  from 0, < 3.1.7
• CRITICAL9.1Spring Security authorization bypass for method security annotations on private methods
  >= 6.4.0, < 6.4.6
• HIGH8.8Signature wrapping vulnerability in Spring Security
  >= 5.2.0, < 5.2.4
• HIGH8.2Erroneous authentication pass in Spring Security
  from 0, < 5.7.12
• HIGH8.1Deserialization of Untrusted Data in Spring Security
  >= 4.2.0.RELEASE, < 4.2.3.RELEASE
• HIGH7.5Spring Security annotation detection mechanism has authorization bypass
  >= 6.4.0, < 6.4.10
• HIGH7.5Resource Exhaustion in Spring Security
  >= 5.5.0, < 5.5.1
• HIGH7.5Security Constraint Bypass in Spring Security
  from 0, < 3.2.10.RELEASE
• HIGH7.5Spring Security and Spring Framework may not recognize certain paths that should be protected
  from 0, < 4.1.1
• HIGH7.4Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
  >= 6.1.0, < 6.1.7
• HIGH7.4Spring Security vulnerable to Authorization Bypass
  >= 5.1.0, < 5.1.2
• HIGH7.3Improper Authentication in Spring Security
  >= 3.2.0, < 3.2.2.RELEASE
• HIGH7.3libspring-security-2.0-java - security update
  from 0, < 4.2.13
• MEDIUM6.5Spring Security Missing Authorization vulnerability
  >= 6.3.0, < 6.3.2
• MEDIUM6.5Insufficient Entropy in Spring Security
  >= 5.3.0, < 5.3.2
• MEDIUM6.3Spring Security logout not clearing security context
  >= 5.7.0, < 5.7.8
• MEDIUM5.3Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
  >= 6.3.8, < 6.3.9
• MEDIUM5.3Spring Security Vulnerable to Authorization Bypass via Security Annotations
  >= 6.4.0, < 6.4.4
• MEDIUM5.3Integer overflow in BCrypt class in Spring Security
  >= 5.2.0.RELEASE, < 5.5.7
• MEDIUM5.3libspring-security-2.0-java - security update
  >= 4.2.0, < 4.2.12
• MEDIUM5.3Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
  >= 4.2.0, < 4.2.4
• MEDIUM4.8Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
  >= 6.5.0, < 6.5.10
• MEDIUM4.8Spring Framework has Authorization Bypass for Case Sensitive Comparisons
  from 0, < 5.7.14
• LOW3.7Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
  >= 5.7.0, <= 5.7.22
• —Improper Control of Generation of Code in Spring Security
  from 0, < 2.0.7
• —Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
  from 0, < 2.0.8
• —Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
  from 0, < 2.0.7
• —Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
  >= 3.0.0, < 3.0.6
• —Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
  >= 2.0.0, < 2.0.6