GHSA-g5h3-w546-pj7f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g5h3-w546-pj7f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-g5h3-w546-pj7f/GHSA-g5h3-w546-pj7f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g5h3-w546-pj7f
- Aliases
- Published
- 2023-04-20T21:33:27Z
- Modified
- 2024-12-06T05:24:46.188054Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
- Details
-
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
- Database specific
{ "nvd_published_at": "2023-04-20T21:15:08Z", "severity": "CRITICAL", "github_reviewed_at": "2023-04-24T20:14:42Z", "github_reviewed": true, "cwe_ids": [] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-20873
- https://github.com/spring-projects/spring-boot/commit/32444fed4b51cc58dc908467f706102d7f0bfc15
- https://github.com/spring-projects/spring-boot/commit/3522714c13b47af03bf42e7f2d5994af568cb1a7
- https://github.com/spring-projects/spring-boot
- https://github.com/spring-projects/spring-boot/releases/tag/v2.5.15
- https://github.com/spring-projects/spring-boot/releases/tag/v2.6.15
- https://github.com/spring-projects/spring-boot/releases/tag/v2.7.11
- https://github.com/spring-projects/spring-boot/releases/tag/v3.0.6
- https://security.netapp.com/advisory/ntap-20230601-0009
- https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now
- https://spring.io/security/cve-2023-20873
Affected packages
Maven
org.springframework.boot:spring-boot-actuator-autoconfigure
Package
- Name
- org.springframework.boot:spring-boot-actuator-autoconfigure
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure
org.springframework.boot:spring-boot-actuator-autoconfigure
Package
- Name
- org.springframework.boot:spring-boot-actuator-autoconfigure
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure
org.springframework.boot:spring-boot-actuator-autoconfigure
Package
- Name
- org.springframework.boot:spring-boot-actuator-autoconfigure
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure
org.springframework.boot:spring-boot-actuator-autoconfigure
Package
- Name
- org.springframework.boot:spring-boot-actuator-autoconfigure
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.15
Affected versions
2.*
2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.0.6.RELEASE
2.0.7.RELEASE
2.0.8.RELEASE
2.0.9.RELEASE
2.1.0.RELEASE
2.1.1.RELEASE
2.1.2.RELEASE
2.1.3.RELEASE
2.1.4.RELEASE
2.1.5.RELEASE
2.1.6.RELEASE
2.1.7.RELEASE
2.1.8.RELEASE
2.1.9.RELEASE
2.1.10.RELEASE
2.1.11.RELEASE
2.1.12.RELEASE
2.1.13.RELEASE
2.1.14.RELEASE
2.1.15.RELEASE
2.1.16.RELEASE
2.1.17.RELEASE
2.1.18.RELEASE
2.2.0.RELEASE
2.2.1.RELEASE
2.2.2.RELEASE
2.2.3.RELEASE
2.2.4.RELEASE
2.2.5.RELEASE
2.2.6.RELEASE
2.2.7.RELEASE
2.2.8.RELEASE
2.2.9.RELEASE
2.2.10.RELEASE
2.2.11.RELEASE
2.2.12.RELEASE
2.2.13.RELEASE
2.3.0.RELEASE
2.3.1.RELEASE
2.3.2.RELEASE
2.3.3.RELEASE
2.3.4.RELEASE
2.3.5.RELEASE
2.3.6.RELEASE
2.3.7.RELEASE
2.3.8.RELEASE
2.3.9.RELEASE
2.3.10.RELEASE
2.3.11.RELEASE
2.3.12.RELEASE
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11
2.4.12
2.4.13
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14