Threat Encyclopedia

Spring.Security.RegexRequestMatcher.Authentication.Bypass

description-logoDescription

This indicates an attack attempt against an Authentication Bypass vulnerability in Spring Security.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted request. Successful exploitation can potentially lead to information disclosure or privilege by pass.

affected-products-logoAffected Products

Spring Security 5.5.x prior to 5.5.7
Spring Security 5.6.x prior to 5.6.4
Spring Security Earlier unsupported versions

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22978

CVE References

CVE-2022-22778