VYPR
High severity 8.2 · GHSA Advisory · Published Mar 18, 2024 · Updated Apr 15, 2026

CVE-2024-22257

Description

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly calls AuthenticatedVoter#vote, passing a null Authentication parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.springframework.security:spring-security-core (Maven) | < 5.7.12 | 5.7.12 |
| org.springframework.security:spring-security-core (Maven) | >= 5.8.0, < 5.8.11 | 5.8.11 |
| org.springframework.security:spring-security-core (Maven) | >= 6.0.0, < 6.1.8 | 6.1.8 |
| org.springframework.security:spring-security-core (Maven) | >= 6.2.0, < 6.2.3 | 6.2.3 |
