VYPR

Spring Security

by Spring By VMware

CVEs (3)

  • CVE-2020-5408 · May 14, 2020
    risk 0.00 · cvss · epss 0.02

    Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to…

  • CVE-2020-5407 · May 13, 2020
    risk 0.00 · cvss · epss 0.01

    Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML…

  • CVE-2018-15801 · Dec 19, 2018
    risk 0.00 · cvss · epss 0.01

    Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could…