spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using “**
” as a pattern in spring security configuration with the mvcRequestMatcher
which creates a mismatch in pattern matching between Spring Security and Spring MVC and the potential for a security bypass.