Affecting org.springframework.security:spring-security-core artifact, versions [4.2.0, 4.2.12) || [5.0.0, 5.0.12) || [5.1.0, 5.1.5)
org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Insecure Randomness
due to the usage of
SecureRandomFactoryBean#setSeed function to configure a
SecureRandom instance. In order for exploitation, an attacker will need to obtain the content generated from an application's seed value.
org.springframework.security:spring-security-core to version 4.2.12, 5.0.12, 5.1.5 or higher.