Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
Spring Security:
| Fix version | Availability |
|---|---|
| 6.3.4 | OSS |
| 6.2.7 | OSS |
| 6.1.11 | Enterprise Support Only |
| 6.0.13 | Enterprise Support Only |
| 5.8.15 | Enterprise Support Only |
| 5.7.13 | Enterprise Support Only |
No further mitigation steps are necessary.
The vulnerability was reported responsibly by tkswifty and [email protected]
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy