Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
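The configuration shape described above, next to a catch-all rule that does not rely on a path pattern, as an added example that is not taken from the advisory or from the Spring projects. The class name, bean names and profile name are hypothetical. `anyExchange()` matches every exchange without parsing a pattern string, so the rule cannot be interpreted differently by the two frameworks.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Added example: hypothetical WebFlux security configuration.
@Configuration
@EnableWebFluxSecurity
public class ExampleSecurityConfig {

    // Shape the advisory warns about: the authorization rule is keyed on the
    // bare "**" pattern. On affected versions, Spring Security and Spring
    // WebFlux can disagree about which request paths this pattern covers.
    // Shown only for comparison, behind a hypothetical profile name.
    @Bean
    @Profile("affected-pattern")
    SecurityWebFilterChain affectedChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                .pathMatchers("**").authenticated())
            .httpBasic(Customizer.withDefaults())
            .build();
    }

    // Catch-all expressed without a pattern string: anyExchange() applies the
    // rule to every request, so no pattern parsing is involved.
    @Bean
    @Profile("!affected-pattern")
    SecurityWebFilterChain catchAllChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                .anyExchange().authenticated())
            .httpBasic(Customizer.withDefaults())
            .build();
    }
}
```

Rewriting the rule this way complements, and does not replace, upgrading to the fixed versions the advisory refers to.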
Spring Security:
The following Spring Security versions contain fixes for this vulnerability:
The above require Spring Framework versions:
This vulnerability was disclosed responsibly by tkswifty and Ha1c9on.
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.