CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

Engineering | Rob Winch | May 15, 2022 | ...


  • [05-17] Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction.

CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher

Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher. Please update as soon as possible.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all