spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-security-core-6.4.3.jar (CVE-2025-41232)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to a Protection Mechanism Failure in Spring Security v6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate...

This Week in Spring - June 24th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! We're in the middle of June already! And you know what that means? Warm weather, fun, and of course: the amazing SpringOne event in lovely Las Vegas, NV! The content catalog went live today! I'll be there doing, among other...

This Week in Spring - June 17th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! We're in the middle of June already! And you know what that means? Warm weather, fun, and of course: the amazing SpringOne event in lovely Las Vegas, NV! The content catalog went live today! I'll be there doing, among other...

Malicious code in spring-security-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1c1536bc422839f96c59d0abf7e874f94ede428b9047a56668eb0293b047631 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4887 Malicious code in spring-security-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1c1536bc422839f96c59d0abf7e874f94ede428b9047a56668eb0293b047631 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Improper Authorization spring-security-crypto dependency in Bamboo Data Center

This High severity spring-security-crypto dependency vulnerability was introduced in versions 9.6.0, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an...

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41232...

Authentication Bypass

org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecuritymode=ASPECTJ is used, allowing an attacker to invoke those...

The vulnerability of the configuration @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects in the Java framework for securing Spring-based industrial applications allows attackers to bypass the authentication process.

The vulnerability of the @EnableMethodSecurity'mode=ASPECTJ configuration or the spring-security-aspects Java framework for securing Spring-based industrial applications is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to bypass...

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

org.coldis.library:persistence (>=2.0.34 <=2.0.38), org.eclipse.hawkbit:hawkbit-ddi-server (>=0.7.0 <=0.8.0) +10 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-aspects (>=6.4.1 <=6.4.4)

org.springframework.security:spring-security-aspects MAVEN version =6.4.1, =2.0.34, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.0 Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2660 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.5)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.15.1 and more Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...

GHSA-9PP5-9C7G-4R83 Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...