
JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass

## Description

Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability.

## Impact

A remote attacker can bypass authentication. As a result, the attacker gains access to the server and information may be disclosed.

## Solution

**Update the Software**

Update to the latest version according to the information provided by the developer.

## Products Affected

* Spring Security 4.1.0 to 4.1.4
* Spring Security 4.2.0 to 4.2.3
* Spring Security 5.0.0
* Spring Framework 4.3.0 to 4.3.13
* Spring Framework 5.0.0 to 5.0.2

The developer states that "_Older unmaintained versions of Spring Security & Spring Framework were not analyzed and may be impacted_".

