Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Patch: Vulnerability introduced by org.springframework.security:spring-security-config@6.1.3 #245

Closed
petruki opened this issue Oct 9, 2023 · 0 comments
Closed

Security Patch: Vulnerability introduced by org.springframework.security:spring-security-config@6.1.3 #245

petruki opened this issue Oct 9, 2023 · 0 comments
Assignees
@petruki
Labels
patch Update internal dependencies security Vulnerability found
Milestone
v1.0.8

Comments

@petruki
Copy link
Member

petruki commented Oct 9, 2023

Describe the patch
Incorrect Permission Assignment for Critical Resource

Introduced through: com.github.switcherac:switcher-ac@1.0.8-SNAPSHOT › org.springframework.boot:spring-boot-starter-security@3.1.3 › org.springframework.security:spring-security-config@6.1.3

Current dependency

  • Name: org.springframework.boot:spring-boot-starter-security@3.1.3

Optional - Remediation

  • Name: org.springframework.boot:spring-boot-starter-security@3.1.4

Additional context
https://www.cve.org/CVERecord?id=CVE-2023-34042
https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-5905484
@petruki petruki added patch Update internal dependencies security Vulnerability found labels Oct 9, 2023
@petruki petruki added this to the v1.0.8 milestone Oct 9, 2023
@petruki petruki self-assigned this Oct 9, 2023
petruki added a commit that referenced this issue Oct 9, 2023
@petruki
Closes #245 - Bump Spring Boot 3.1.4
56d12ed
@petruki petruki closed this as completed in 68ee97e Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petruki petruki

Labels
patch Update internal dependencies security Vulnerability found
Projects
None yet
Milestone
v1.0.8
Development

No branches or pull requests
1 participant
@petruki