CVE-2018-1258 org.springframework:spring-core

Package

Manager: maven
Name: org.springframework:spring-core
Vulnerable Version: =5.0.5.release || >=5.0.5.release <5.0.6.release

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00221 (percentile: 0.44654)

Details

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Metadata

Created: 2018-10-17T20:05:49Z
Modified: 2024-03-14T21:08:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-cxrj-66c5-9fmh/GHSA-cxrj-66c5-9fmh.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-cxrj-66c5-9fmh
Finding: F006
Auto approve: 1