Vulnerabilities

CVE-2022-22978

by Fred · 19/05/2022

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Date published : 2022-05-19

https://tanzu.vmware.com/security/cve-2022-22978

Similar

Tags: Cybersecurity Alert