Vulnerability CVE-2022-22978


Published: 2022-05-19

Description:
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

References:
https://tanzu.vmware.com/security/cve-2022-22978

Copyright 2024, cxsecurity.com

 
