Fluid Attacks Database

Description

Authorization bypass in Spring Security In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.springframework.security:spring-security-core	>=5.5.0 <5.5.7 \|\| >=5.6.0 <5.6.4 \|\| >=0 <5.4.11	5.5.7, 5.6.4, 5.4.11
maven	org.springframework.security:spring-security-web	>=5.5.0 <5.5.7 \|\| >=5.6.0 <5.6.4 \|\| >=0 <5.4.11	5.5.7, 5.6.4, 5.4.11

Aliases

1. CVE-2022-229782. NVD-2022-229783. OSV-2022-229784. GCVE-2022-22978

References

1. https://github.com/anchore/grype/issues/21582. https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java3. https://security.netapp.com/advisory/ntap-20220707-00034. https://spring.io/security/cve-2022-229785. https://tanzu.vmware.com/security/cve-2022-229786. https://www.oracle.com/security-alerts/cpujul2022.html7. https://github.com/DeEpinGh0st/CVE-2022-22978

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.