Lucene search

K
cvelistVmwareCVELIST:CVE-2023-20860
HistoryMar 27, 2023 - 12:00 a.m.

CVE-2023-20860

2023-03-2700:00:00
vmware
www.cve.org
1
cve-2023-20860
spring framework
version 6.0.0 - 6.0.6
version 5.3.0 - 5.3.25
spring security configuration
mvcrequestmatcher
pattern mismatch

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using “**” as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Spring Framework",
    "versions": [
      {
        "version": "Spring Framework (versions 6.0.0 to 6.0.6 and 5.3.0 to 5.3.25)",
        "status": "affected"
      }
    ]
  }
]

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%