GHSA-3295-h9qx-r82x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3295-h9qx-r82x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3295-h9qx-r82x/GHSA-3295-h9qx-r82x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3295-h9qx-r82x
- Aliases
-
- CVE-2010-3700
- Published
- 2022-05-14T02:43:11Z
- Modified
- 2024-12-05T05:43:40.601130Z
- Summary
- Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
- Details
-
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
- Database specific
{ "nvd_published_at": "2010-10-29T19:00:00Z", "cwe_ids": [ "CWE-288" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-07-08T18:48:11Z" }- References
Affected packages
Maven / org.springframework.security:spring-security-core
Package
- Name
- org.springframework.security:spring-security-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.security/spring-security-core
Maven / org.springframework.security:spring-security-core
Package
- Name
- org.springframework.security:spring-security-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.security/spring-security-core
Maven / org.acegisecurity:acegi-security
Package
- Name
- org.acegisecurity:acegi-security
- View open source insights on deps.dev
- Purl
- pkg:maven/org.acegisecurity/acegi-security