CVE-2022-22978

Posted on 2022년 5월 20일2022년 5월 20일 by admin

CVE-2022-22978

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Source: CVE-2022-22978

답글 남기기 응답 취소