Spring Framework Security Update Advisory (CVE-2024-22257)

Mar 19 2024

Overview

An update has been made available to address a vulnerability in the Spring framework. users of affected versions are advised to update to the latest version.

Affected Products

Spring Security

versions 6.2.0 through 6.2.2
versions 6.1.0 through 6.1.7
versions 6.0.0 through 6.0.9
versions 5.8.0 to 5.8.10
versions 5.7.0 through 5.7.11
unsupported versions or below

Resolved Vulnerabilities

Access Control Corruption Vulnerability when using AuthenticatedVoter directly in Spring Security (CVE-2024-22257)

Vulnerability Patches

Spring Security 5.7.12, 5.8.11, 6.0.10, 6.1.8, 6.2.3 versions

Referenced Sites

[1] CVE-2024-22257 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22257

[2] CVE-2024-22257: Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter
https://spring.io/security/cve-2024-22257

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Spring Framework Security Update Advisory

WordPress TI WooCommerce Wishlist Plugin Security Update Advisory (CVE-2022-0412)