Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
2024-08-20T04:15:07.993
2025-02-28T22:44:24.380
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | vmware | spring_security | < 6.3.2 | Yes |