Spring Security@5.3.0 Security Vulnerabilities and Issues — Spring Security@5.3.0 CVE List

Lucene search

Pivotal SoftwareSpring Security5.3.0

3 matches found

CVE•added 2021/02/23 7:15 p.m.•168 views

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). Howev...

9CVSS8.4AI score0.00979EPSS

CVE•added 2020/05/14 6:15 p.m.•103 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has b...

6.5CVSS6.5AI score0.00468EPSS

CVE•added 2020/05/13 5:15 p.m.•69 views

CVE-2020-5407

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an ar...

8.8CVSS8.5AI score0.00665EPSS