Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreIn certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must:
If any of the above does not apply, the application is not vulnerable.
Spring Boot:
| Fix version | Availability |
|---|---|
| 4.0.6 | OSS |
No further mitigation steps are necessary.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy