Security Advisory

CVE-2022-22978

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-19 00:00:00

Last updated 2024-08-03 03:28:42

Assigner vmware

State PUBLISHED

Description

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

← Browse all CVEs View on cve.org ↗