Moderate severityNVD Advisory· Published Aug 20, 2024· Updated Aug 20, 2024
Missing Authorization When Using @AuthorizeReturnObject
CVE-2024-38810
Description
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.security:spring-security-coreMaven | >= 6.3.0, < 6.3.2 | 6.3.2 |
Affected products
2- Range: 6.3.x
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-hmqf-wpq9-jq83ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-38810ghsaADVISORY
- spring.io/security/cve-2024-38810ghsaWEB
News mentions
0No linked articles in our index yet.