目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

Spring Security 产品漏洞列表 / CVE 中文分析 41

Spring Security 产品相关 41 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

Spring Security 是 VMware 推出的用于 Java 应用程序的身份验证和访问控制框架。本聚合页收录了该框架相关的远程代码执行、权限绕过及信息泄露等高危漏洞,时间范围覆盖 2014 年至 2024 年。读者可通过此页面追踪厂商发布的安全更新,深入了解特定安全弱点的技术细节与修复方案,或检索 Spring Security 产品的历史漏洞记录以辅助安全审计与风险排查。

ベンダー: Pivotal

CVE IDタイトルCVSS深刻度公開日
CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates CWE-287 6.8 Medium2026-06-09
CVE-2026-41706 Open Redirect When Using CookieRequestCache CWE-601 6.1 Medium2026-06-09
CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature CWE-347 3.7 Low2026-06-09
CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri CWE-601 6.1 Medium2026-06-09
CVE-2026-41003 Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting CWE-79 7.6 High2026-06-09
CVE-2026-40993 Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry CWE-502 7.3 High2026-06-09
CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider CWE-400 7.5 High2026-06-09
CVE-2026-22754 ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules 7.5 High2026-04-22
CVE-2026-22753 Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers 7.5 High2026-04-22
CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation 5.3 Medium2026-04-22
CVE-2026-22747 Unauthorized User Impersonation when Using X.509 Client Certificates 6.8 Medium2026-04-22
CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider 3.7 Low2026-04-22
CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions 4.8 Medium2026-04-21
CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints CWE-288 8.2 High2026-03-19
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written 9.1 Critical2026-03-19
CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation CWE-208 5.3 Medium2026-01-22
CVE-2025-41248 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types 7.5 High2025-09-16
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods 9.1 Critical2025-05-21
CVE-2025-22223 VMware Spring Security 安全漏洞 CWE-290 5.3 Medium2025-03-24
CVE-2025-22228 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length 7.4 High2025-03-20
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons CWE-639 4.8 Medium2024-12-02
CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject CWE-287 6.5 Medium2024-08-20
CVE-2024-22257 VMware Spring Security 安全漏洞 8.2 High2024-03-18
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated 7.4 High2024-02-20
CVE-2023-34042 VMware Spring Security 安全漏洞 4.1 Medium2024-02-05
CVE-2023-34034 VMware Spring Security 安全漏洞 9.1 Critical2023-07-19
CVE-2023-34035 Spring Security 安全漏洞 7.3 High2023-07-18
CVE-2023-20862 Spring Framework 安全漏洞 9.4 -2023-04-19
CVE-2022-31690 VMware Spring Security 安全漏洞 8.1 -2022-10-31
CVE-2022-22976 Spring Framework 输入验证错误漏洞 CWE-190 5.3 -2022-05-19

Spring Security 产品累计公开 41 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。