We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
检测到 WeBankPartners/wecube-platform 一共引入了273个开源组件,存在124个漏洞
漏洞标题:Vmware VMware Spring Security 权限许可和访问控制问题漏洞 缺陷组件:org.springframework.security:spring-security-core@5.1.13.RELEASE 漏洞编号:CVE-2021-22112 漏洞描述:Vmware VMware Spring Security是美国威睿(Vmware)公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 VMware Spring Security 中存在权限许可和访问控制问题漏洞。该漏洞源于攻击者可以通过Spring Security的多个SecurityContext更改绕过限制,以提升其权限。以下产品及版本受到影响:Spring Security 5.4.0 至 5.4.3 版本, Spring Security 5.3.0.RELEASE 至 5.3.7.RELEASE 版本, Spring Security 5.2.0.RELEASE 至 5.2.8.RELEASE 版本。 影响范围:(∞, 5.2.9.RELEASE) 最小修复版本:5.2.9.RELEASE 缺陷组件引入路径:com.webank.wecube.platform:platform-auth-server@3.2.2->org.springframework.boot:spring-boot-starter-security@2.1.18.RELEASE->org.springframework.security:spring-security-config@5.1.13.RELEASE->org.springframework.security:spring-security-core@5.1.13.RELEASE
另外还有124个漏洞,详细报告:https://mofeisec.com/jr?p=a5247d
The text was updated successfully, but these errors were encountered:
No branches or pull requests
检测到 WeBankPartners/wecube-platform 一共引入了273个开源组件,存在124个漏洞
另外还有124个漏洞,详细报告:https://mofeisec.com/jr?p=a5247d
The text was updated successfully, but these errors were encountered: