Lucene search
VmwareSpring Security
2 matches found
CVE-2023-34034
Using "**" as a pattern in Spring Security configurationfor WebFlux creates a mismatch in pattern matching between SpringSecurity and Spring WebFlux, and the potential for a security bypass.
9.8CVSS9.2AI score0.39345EPSS
CVE-2023-34035
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring...
7.3CVSS5.4AI score0.01541EPSS