Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain access to methods that should be restricted.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | org.springframework:spring-core | eq | 5.0.5.RELEASE |
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
access.redhat.com/errata/RHSA-2019:2413
github.com/advisories/GHSA-cxrj-66c5-9fmh
github.com/spring-projects/spring-framework
github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1
nvd.nist.gov/vuln/detail/CVE-2018-1258
pivotal.io/security/cve-2018-1258
security.netapp.com/advisory/ntap-20181018-0002
web.archive.org/web/20200227032934/www.securityfocus.com/bid/104222
web.archive.org/web/20200807025819/www.securitytracker.com/id/1041888
web.archive.org/web/20200807033751/www.securitytracker.com/id/1041896
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html