Spring Boot Security Bypass Vulnerability (CVS-2023-20873) Notice
April 25, 2023
Overview Recently, NSFOCUS CERT found that Spring officially issued a security notice, which fixed a Spring Boot authentication bypass vulnerability (CVE-2023-20873). When Spring Boot is deployed to Cloud Foundry and there is code/cloudFoundryapplication/* * that can handle matching requests, and used in conjunction with a catch all request mapping that matches/* *, unauthenticated remote attackers […]
