Description
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Remediation
References
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104222
http://www.securitytracker.com/id/1041888
http://www.securitytracker.com/id/1041896
https://access.redhat.com/errata/RHSA-2019:2413
https://pivotal.io/security/cve-2018-1258
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Related Vulnerabilities
CVE-2022-25890 Vulnerability in npm package wifey
CVE-2020-28494 Vulnerability in npm package total.js
CVE-2022-1291 Vulnerability in maven package org.webjars.npm:tableexport.jquery.plugin
CVE-2021-23392 Vulnerability in npm package locutus
CVE-2023-29211 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki