Overview Recently, NSFOCUS CERT monitored Spring's official security announcement and disclosed an identity bypass vulnerability in Spring Security. Using '**' as the pattern in the Spring Security configuration of WebFlux can cause a pattern mismatch between Spring Security and Spring WebFlux, and may result in identity authentication bypass. CVSS score...
Tag: Spring
Spring Cloud Config Server Path Traversal (CVE-2020-5405) Threat Alert
Vulnerability Description Security researchers from NSFOCUS found a directory traversal vulnerability (CVE-2020-5405) in the Spring Cloud Config component. On February 26, Spring released a security bulletin to announce this vulnerability and also expressed appreciation to NSFOCUS. (more…)
