advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-hh32-7344-cg2f] Authorization bypass in Spring Security

Open secjoker opened this issue 1 year ago • 0 comments

Updates

  • Affected products

Comments According to the description of the vulnerability announcement Affected Spring Products and Versions at https://spring.io/security/cve-2022-22978. The affected version has an error and is recommended to be modified to 5.6.0<=version<5.6.4, 5.5.0<=version<5.5.7, version<5.4.11 Reference link: https://spring.io/security/cve-2022-22978 The detailed description is as follows: Affected Spring Products and Versions Spring Security 5.4.x prior to 5.4.11 5.5.x prior to 5.5.7 5.6.x prior to 5.6.4 Earlier unsupported versions Mitigation Users should update to a version that includes fixes. 5.5.x users should upgrade to 5.5.7 or greater. 5.6.x users should upgrade to 5.6.4 or greater. Releases that have fixed this issue include:

secjoker avatar Jul 04 '24 09:07 secjoker