VYPR

Maven package

org.springframework.security/spring-security-crypto

pkg:maven/org.springframework.security/spring-security-crypto

Vulnerabilities (1)

  • CVE-2025-22228HigMar 20, 2025
    affected >= 6.3.0, < 6.3.8fixed 6.3.8

    BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.