CVSS: 9.8EPSS: 90%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
19 May 2022 — In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedo... • https://github.com/DeEpinGh0st/CVE-2022-22978 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2021-22112
https://notcve.org/view.php?id=CVE-2021-22112
23 Feb 2021 — Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. ... • http://www.openwall.com/lists/oss-security/2021/02/19/7 •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 1CVE-2011-2894 – Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization
https://notcve.org/view.php?id=CVE-2011-2894
04 Oct 2011 — Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang... • https://github.com/pwntester/SpringBreaker • CWE-502: Deserialization of Untrusted Data •