Maven package
org.springframework.security/spring-security-cas
pkg:maven/org.springframework.security/spring-security-cas
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11272 | — | < 4.2.13.RELEASE | 4.2.13.RELEASE | Jun 26, 2019 | Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, |
- CVE-2019-11272Jun 26, 2019affected < 4.2.13.RELEASEfixed 4.2.13.RELEASE
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password,