CVE-2023-34034
- Source
- https://cve.org/CVERecord?id=CVE-2023-34034
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34034.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-34034
- Aliases
- Published
- 2023-07-19T15:15:11.127Z
- Modified
- 2026-03-15T22:44:49.906457Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
- References
Affected packages
Git / github.com/spring-projects/spring-security
Affected ranges
- Type
- GIT
- Repo
- https://github.com/spring-projects/spring-security
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "5.6.0" }, { "fixed": "5.6.12" }, { "introduced": "5.7.0" }, { "fixed": "5.7.10" }, { "introduced": "5.8.0" }, { "fixed": "5.8.5" }, { "introduced": "6.0.0" }, { "fixed": "6.0.5" }, { "introduced": "6.1.0" }, { "fixed": "6.1.2" } ] }
Affected versions
5.*
5.2.10.RELEASE
5.2.11.RELEASE
5.2.12.RELEASE
5.2.13.RELEASE
5.2.14.RELEASE
5.2.15.RELEASE
5.2.2.RELEASE
5.2.3.RELEASE
5.2.4.RELEASE
5.2.5.RELEASE
5.2.6.RELEASE
5.2.7.RELEASE
5.2.8.RELEASE
5.2.9.RELEASE
5.3.1.RELEASE
5.3.10.RELEASE
5.3.11.RELEASE
5.3.12.RELEASE
5.3.13.RELEASE
5.3.2.RELEASE
5.3.3.RELEASE
5.3.4.RELEASE
5.3.5.RELEASE
5.3.6.RELEASE
5.3.7.RELEASE
5.3.8.RELEASE
5.3.9.RELEASE
5.4.1
5.4.10
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.6.0
5.6.1
5.6.10
5.6.11
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8
5.6.9