0.001 Low
EPSS
Percentile
35.4%
spring-security is vulnerable to authentication bypass. The cause of vulnerability is due to the use of PlaintextPasswordEncoder, validating the authentication of a user if a null encoded password is entered.
PlaintextPasswordEncoder
null
github.com/spring-projects/spring-security/commit/12dbf2e9612cddd775904952d01bfc044fb1d1bb
lists.debian.org/debian-lts-announce/2019/07/msg00008.html
pivotal.io/security/cve-2019-11272