In Spring Security versions 5.5.6... CVE-2022-22978

- AV AC AU C I A
发布: 2022-04-29
修订: 2022-04-29

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass

0%
暂无可用Exp或PoC
当前有0条受影响产品信息