CVE-2023-34034

ADVISORY - github

Summary

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

EPSS Score⁠: 0.47909 (0.976)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-281⁠

Improper Preservation of Permissions

ADVISORY - github

CWE-281⁠

Improper Preservation of Permissions

CWE-284⁠

Improper Access Control

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-281⁠

Improper Preservation of Permissions

CWE-284⁠

Improper Access Control

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-145⁠

Improper Neutralization of Section Delimiters

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.