VMware Spring Security 5.2.0 Release Candidate 1

CPE Details

VMware Spring Security 5.2.0 Release Candidate 1
vmware
spring_security
5.2.0
2021-06-08
16h11 +00:00
2021-06-08
16h20 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:spring_security:5.2.0:rc1:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_security

Version

5.2.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-22978 2022-05-18 22h00 +00:00 In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
9.8
Critical
CVE-2021-22119 2021-06-29 14h15 +00:00 Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
7.5
High