spring security

Enterprise Vulnerabilities

VMware patches critical authorization bypass vulnerability in Spring Security

A critical authorization rules bypass vulnerability exists in Spring Security versions 5.7.0 to 5.7.4 and versions 5.6.0 to 5.6.8. The vulnerability gives attackers a way to potentially bypass an API gateway and access backend services with a simple “forward”. What: VMware released Spring Security 5.6.9 and 5.7.5 on October 31 to fix the […]
