Description
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Remediation
References
https://security.netapp.com/advisory/ntap-20230814-0008/
https://spring.io/security/cve-2023-34034
Related Vulnerabilities
CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2019-0230 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2018-1000600 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2022-33140 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-core