VYPR
Moderate severityNVD Advisory· Published Aug 20, 2024· Updated Aug 20, 2024

Missing Authorization When Using @AuthorizeReturnObject

CVE-2024-38810

Description

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework.security:spring-security-coreMaven
>= 6.3.0, < 6.3.26.3.2

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.