Maven package
org.springframework.security/spring-security-crypto
pkg:maven/org.springframework.security/spring-security-crypto
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22228 | Hig | 7.4 | >= 6.3.0, < 6.3.8 | 6.3.8 | Mar 20, 2025 | BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. |
- affected >= 6.3.0, < 6.3.8fixed 6.3.8
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.