High severity8.8NVD Advisory· Published May 11, 2018· Updated Jun 17, 2026
CVE-2018-1258
CVE-2018-1258
Description
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework:spring-coreMaven | >= 5.0.5.RELEASE, < 5.0.6.RELEASE | 5.0.6.RELEASE |
Affected products
2- Range: 5.0.5
Patches
Vulnerability mechanics
References
23- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvdPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:2413nvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujan2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujan2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/104222nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041888nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041896nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-cxrj-66c5-9fmhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1258ghsaADVISORY
- pivotal.io/security/cve-2018-1258nvdVendor AdvisoryWEB
- security.netapp.com/advisory/ntap-20181018-0002/nvdThird Party Advisory
- github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1ghsaWEB
- security.netapp.com/advisory/ntap-20181018-0002ghsaWEB
- web.archive.org/web/20200227032934/http://www.securityfocus.com/bid/104222ghsaWEB
- web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888ghsaWEB
- web.archive.org/web/20200807033751/http://www.securitytracker.com/id/1041896ghsaWEB
News mentions
0No linked articles in our index yet.