Spring Security Missing Authorization vulnerability

GHSA-hmqf-wpq9-jq83 · CVE-2024-38810

Published Aug 20, 2024 · Modified Mar 1, 2025

Description

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-38810
PACKAGE https://github.com/spring-projects/spring-security
WEB https://spring.io/security/cve-2024-38810

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes