6525 matches found

vulnersOsv
added 2025/03/20 6:31 a.m. | 5 views

ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +3194 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.3.0 <=6.3.7)

org.springframework.security:spring-security-crypto MAVEN version =6.3.0, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =cloud-0.1, =cloud-0.3 and more Source cves: CVE-2025-22228 Source advisory: OSV:GHSA-MG83-C7GQ-RV5C...

7.4 CVSS | 7.3 AI score | 0.00065 EPSS
Exploits 0

vulnersOsv
added 2025/03/20 6:31 a.m. | 5 views

be.mogo.iam:mogo-provisioning (=1.0.1.RELEASE), be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE) +947 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-crypto MAVEN version =6.1.0, =1.5.1.RELEASE, =2.1.0.RELEASE, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.1.0.5, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.1.1.3 and more Source cves: CVE-2025-22228 Source advisory:...

7.4 CVSS | 7.3 AI score | 0.00065 EPSS
Exploits 0

OSV
added 2025/03/20 6:31 a.m. | 0 views

GHSA-MG83-C7GQ-RV5C Spring Security Does Not Enforce Password Length

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

7.4 CVSS | 7.1 AI score | 0.00065 EPSS
Exploits 0 | References 5

Cvelist
added 2025/03/20 5:49 a.m. | 14 views

CVE-2025-22228 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

7.4 CVSS | 0.00065 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/03/20 5:49 a.m. | 9 views

CVE-2025-22228 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

7.4 CVSS | 7.5 AI score | 0.00065 EPSS
Exploits 0 | References 1

CVE
added 2025/03/20 5:49 a.m. | 625 views

CVE-2025-22228

CVE-2025-22228 is reported in IBM Netcool Operations Insight. The issue arises from BCryptPasswordEncoder.matches(CharSequence,String) returning true for passwords longer than 72 characters if the first 72 characters are identical, enabling an authentication bypass under certain inputs. Affected ...

7.4 CVSS | 7.5 AI score | 0.00065 EPSS
Exploits 0 | References 2

CNNVD
added 2025/03/20 12:0 a.m. | 1 views

VMware Spring Security security vulnerability

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security for Spring-based applications. A security vulnerability exists in VMware Spring Security that stems from incorrectly returning true for passwords longer than 72 characters...

7.4 CVSS | 7.7 AI score | 0.00065 EPSS
Exploits 0 | References 2

vulnersOsv
added 2025/03/19 12:0 a.m. | 4 views

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2784 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.4.0 <=6.4.3)

org.springframework.security:spring-security-crypto MAVEN version =6.4.0, =0.5.8, =0.0.1, =0.0.1, =55.v51410e712e0c, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =2.3.0, =1.10.0, =1.10.0, =1.11.0 and more Source cves: CVE-2025-22228 Source advisory:...

7.4 CVSS | 7.3 AI score | 0.00065 EPSS
Exploits 0

Snyk
added 2025/03/19 12:0 a.m. | 2 views

Authentication Bypass by Primary Weakness

Overview org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the BCryptPasswordEncoder.matches function, which only takes the first 72 characte...

9 CVSS | 7 AI score | 0.00065 EPSS
Exploits 0 | References 2

Snyk
added 2025/03/19 12:0 a.m. | 2 views

Incorrect Authorization

Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Incorrect Authorization when using @EnableMethodSecurity on parameterized types or methods. The method annotation...

6.9 CVSS | 6.9 AI score | 0.00033 EPSS
Exploits 0 | References 2

vulnersOsv
added 2025/03/19 12:0 a.m. | 5 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +5606 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.0.0 <=6.3.7)

org.springframework.security:spring-security-crypto MAVEN version =6.0.0, =0.2.0, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.7 and more Source cves: CVE-2025-22228 Source advisory:...

7.4 CVSS | 7.3 AI score | 0.00065 EPSS
Exploits 0

vulnersOsv
added 2025/03/19 12:0 a.m. | 5 views

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2046 more potentially affected by CVE-2025-22223 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.3)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.55.1, =2.1.0 and more Source cves: CVE-2025-22223 Source advisory:...

5.3 CVSS | 6 AI score | 0.00033 EPSS
Exploits 0

Spring Engineering
added 2025/03/18 12:0 a.m. | 8 views

This Week in Spring – March 18th, 2025

Hi, Spring fans! I just got back from the amazing JavaOne show held in Redwood Shores. It was a fun, uproarious event and a great chance to reconnect with tons of friends, old and new. I love this community! One of the central highlights of this show? Java 24 is here, finally! And, as usual, we'v...

7.2 AI score
Exploits 0

CNNVD
added 2025/03/16 12:0 a.m. | 3 views

starsea-mall code injection vulnerability

starsea-mall is a springboot +thymeleaf based Xiaomi mall management system by StarSea99 individual developer. A code injection vulnerability exists in starsea-mall version 1.0, which originates from cross-site scripting and may lead to remote attacks...

5.4 CVSS | 4.4 AI score | 0.00151 EPSS
Exploits 0 | References 6

OSV
added 2025/03/15 11:15 p.m. | 5 views

CVE-2025-2334

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access...

9.1 CVSS | 5 AI score | 0.00071 EPSS
Exploits 1 | References 4

CVE
added 2025/03/15 5:0 p.m. | 90 views

CVE-2025-2323

CVE-2025-2323 concerns a vulnerability in the 274056675 springboot-openai-chatgpt project where the function updateQuestionCou in /api/mjkj-chat/chat/mng/update/questionCou of the Number of Question Handler can be manipulated to enforce a behavioral workflow. Exploitation is described as remote. ...

5.3 CVSS | 6.8 AI score | 0.0011 EPSS
Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2025/03/15 12:0 a.m. | 2 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt, which stems from hard-coded credentials and could lead to remote attacks...

9.8 CVSS | 7.5 AI score | 0.00093 EPSS
Exploits 1 | References 6

CNNVD
added 2025/03/15 12:0 a.m. | 3 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices architecture based on SpringCloud by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from a business logic error and could lead to a remote attack...

6.5 CVSS | 6.5 AI score | 0.00077 EPSS
Exploits 1 | References 6

CNNVD
added 2025/03/14 12:0 a.m. | 3 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from improper authorization and could lead to remote attacks...

9.8 CVSS | 7.4 AI score | 0.00126 EPSS
Exploits 1 | References 6

vulnersOsv
added 2025/03/13 5:47 a.m. | 2 views

ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1819 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)

net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =1.1.0-dev-3, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.23.0 and more Source cves: CVE-2020-36843 Source advisory: SNYK:JAVA-NETI2PCRYPTO-9402849...

4.3 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits 0