Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreUsing "**"
as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Spring Security:
The following Spring Security versions contain fixes for this vulnerability:
The above require Spring Framework versions:
This vulnerability was disclosed responsibly by tkswifty and Ha1c9on.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy