Spring.Security.RegexRequestMatcher.Authentication.Bypass
Description
This indicates an attack attempt against an Authentication Bypass vulnerability in Spring Security.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted request. Successful exploitation can potentially lead to information disclosure or privilege by pass.
Affected Products
Spring Security 5.5.x prior to 5.5.7
Spring Security 5.6.x prior to 5.6.4
Spring Security Earlier unsupported versions
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22978
Version Updates
Date | Version | Detail |
---|---|---|
2022-06-15 | 0.00322 |