CVE-2022-22978

Published: May 19, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Vendor	Product	Versions
n/a	Spring Security	affected `Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions`

Weaknesses (CWE)

CWE-863

References

https://spring.io/security/cve-2022-22978

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-22978

Description

Affected Products

Weaknesses (CWE)

References