Lucene search
+L

4 matches found

Veracode
Veracode
added 2026/04/28 12:43 p.m.8 views

Time-of-check Time-of-use

Spring Security is vulnerable to a Time-of-check Time-of-use race condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in JdbcOneTimeTokenService, where token validation and usage are not performed atomically, allowing attackers to reuse or race token consumption and...

4.8CVSS5.2AI score0.00124EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/21 9:31 p.m.8 views

GHSA-X2WQ-9X2F-FHJ7 Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS5.8AI score0.00124EPSS
Exploits0References6
OSV
OSV
added 2026/04/21 6:30 p.m.1 views

CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS6AI score0.00124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.14 views

PT-2026-34042

Name of the Vulnerable Software and Affected Versions Spring Spring Security versions 6.4.0 through 6.4.15 Spring Spring Security versions 6.5.0 through 6.5.9 Spring Spring Security versions 7.0.0 through 7.0.4 Description Applications that explicitly configure One-Time Token login using...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References10
Rows per page
Query Builder