
4 matches found

OSV
added 2026/05/07 4:17 p.m. | 4 views

JLSEC-2026-467 Mbed TLS serialized session data is not cryptographically protected

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

CVSS 9.8 | AI score 6 | EPSS 0.00221
Exploits 0 | References 2

CNNVD
added 2026/04/02 12:0 a.m. | 4 views

Mbed TLS security vulnerability

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...

CVSS 9.8 | AI score 6.1 | EPSS 0.00221
Exploits 0 | References 2

OSV
added 2023/04/19 9:30 p.m. | 0 views

GHSA-X873-6RGC-94JC Spring Security logout not clearing security context

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the...

CVSS 6.3 | AI score 6.8 | EPSS 0.00461
Exploits 0 | References 4

CNNVD
added 2023/04/19 12:0 a.m. | 1 views

Spring Framework security vulnerability

Spring Framework is an open-source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Security 5.7.x series prior to 5.7.8, 5.8.x series prior to 5.8.3, and 6.0.x series prior...

CVSS 6.3 | AI score 6.5 | EPSS 0.00461
Exploits 0 | References 4