Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
Critical severity
GitHub Reviewed
Published Apr 20, 2023 to the GitHub Advisory Database • Updated Jul 8, 2024
Package
Affected versions
>= 3.0.0, < 3.0.6
>= 2.7.0, < 2.7.11
>= 2.6.0, < 2.6.15
< 2.5.15
Patched versions
3.0.6
2.7.11
2.6.15
2.5.15
Published by the National Vulnerability Database: Apr 20, 2023
Published to the GitHub Advisory Database: Apr 20, 2023
Reviewed: Apr 24, 2023
Last updated: Jul 8, 2024
Description
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation:
3.0.x users should upgrade to 3.0.6+.
2.7.x users should upgrade to 2.7.11+.
Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
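The only actionable check this advisory gives is a version check, so the following is a worked example of applying it to build manifests. It is an added example, not code from the advisory or from the Spring Boot project. The affected and patched ranges are copied from this page; the pom.xml and build.gradle parsing, the `parse_version` convention (plain `x.y.z` or the legacy `x.y.z.RELEASE`, pre-release qualifiers rejected), and the two sample manifests are constructed for illustration. Note one wrinkle the page itself contains: the patched-versions list names 2.6.15 and 2.5.15, while the description tells users of older, unsupported lines to move to 3.0.6+ or 2.7.11+; the code reports the listed patched version and leaves the line choice to the reader.

```python
"""Classify a Spring Boot version against the ranges listed in this advisory.
Added example (not advisory or Spring Boot project code); manifest parsing
and sample files are constructed for illustration."""
import re
import xml.etree.ElementTree as ET

# (lower bound inclusive or None, upper bound exclusive); the upper bound is
# also the first patched release on that line, exactly as the page lists them.
AFFECTED_RANGES = (
    ((3, 0, 0), (3, 0, 6)),
    ((2, 7, 0), (2, 7, 11)),
    ((2, 6, 0), (2, 6, 15)),
    (None, (2, 5, 15)),  # "< 2.5.15": every older line, 2.5.x included
)

_RELEASE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.RELEASE)?")


def parse_version(text):
    """Turn '3.0.5', '2.7.10' or legacy '2.3.12.RELEASE' into (major, minor, patch).
    Qualified builds ('3.0.6-SNAPSHOT', '3.0.6-RC1') are rejected on purpose:
    a pre-release of the patched version is not the patched release."""
    m = _RELEASE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a Spring Boot release version: {text!r}")
    return tuple(int(part) for part in m.groups())


def _matching_range(version):
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if (low is None or v >= low) and v < high:
            return high
    return None


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    return _matching_range(version) is not None


def patched_version(version):
    """First patched release on the same line as listed on this page, or None."""
    high = _matching_range(version)
    return None if high is None else ".".join(map(str, high))


def spring_boot_version_from_pom(pom_xml):
    """Read the Spring Boot version from a pom.xml: starter parent first, then a
    spring-boot-dependencies BOM import. Returns None if neither is present."""
    root = ET.fromstring(pom_xml)
    parent = root.find("{*}parent")
    if parent is not None and parent.findtext("{*}artifactId") == "spring-boot-starter-parent":
        return parent.findtext("{*}version")
    for dep in root.iterfind("{*}dependencyManagement/{*}dependencies/{*}dependency"):
        if dep.findtext("{*}artifactId") == "spring-boot-dependencies":
            return dep.findtext("{*}version")
    return None


# Matches Groovy (id 'org.springframework.boot' version '2.7.10') and
# Kotlin DSL (id("org.springframework.boot") version "3.0.6") plugin lines.
_GRADLE_PLUGIN = re.compile(
    r"""id\s*\(?\s*['"]org\.springframework\.boot['"]\s*\)?\s*version\s*\(?\s*['"]([^'"]+)['"]"""
)


def spring_boot_version_from_gradle(build_file):
    m = _GRADLE_PLUGIN.search(build_file)
    return m.group(1) if m else None


# Constructed sample manifests (not real projects).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.10</version>
  </parent>
  <artifactId>demo</artifactId>
</project>
"""

SAMPLE_GRADLE = """plugins {
    id("org.springframework.boot") version "3.0.6"
    id("io.spring.dependency-management") version "1.1.0"
}
"""


def report(label, version):
    """One-line finding for a manifest, suitable for a CI log."""
    if version is None:
        return f"{label}: Spring Boot version not found"
    fix = patched_version(version)
    if fix is None:
        return f"{label}: Spring Boot {version} is not in an affected range"
    return f"{label}: Spring Boot {version} is affected; upgrade to {fix} or later"


if __name__ == "__main__":
    print(report("pom.xml", spring_boot_version_from_pom(SAMPLE_POM)))
    print(report("build.gradle.kts", spring_boot_version_from_gradle(SAMPLE_GRADLE)))
```

The check only covers a version declared directly in the manifest; a project that inherits Spring Boot through a corporate parent POM or a Gradle platform needs the resolved dependency tree (for example `mvn dependency:tree` or `gradle dependencies`) fed to `is_affected` instead. Also remember that, per the description, only applications deployed to Cloud Foundry are exposed, so the version check finds candidates rather than confirmed exposures.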
References