Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreUsing "**"
as a pattern in Spring Security configuration with the mvcRequestMatcher
creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
The following Spring Framework versions contain fixes for this vulnerability:
This vulnerability was discovered internally.
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.