Data: 2023-07-20
Severity: Critical
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Riferimenti:
- https://spring.io/security/cve-2023-34034
- https://nvd.nist.gov/vuln/detail/CVE-2023-34034
- https://ossindex.sonatype.org/vulnerability/CVE-2023-34034
Libreria: org.springframework.security:* < 5.8.5
Descrizione
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
GovWay
Versione affette: <= 3.3.13
Risoluzione: 3.3.13.p1