Improper Authentication Affecting org.springframework.security:spring-security-core package, versions [,2.0.7.RELEASE) [3.0.0.RELEASE,3.0.6.RELEASE)
Snyk CVSS
Attack Complexity
High
Threat Intelligence
EPSS
0.28% (68th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-31338
- published 8 Sep 2014
- disclosed 5 Dec 2012
- credit Unknown
Introduced: 5 Dec 2012
CVE-2011-2731 Open this link in a new tabOverview
org.springframework.security:spring-security-core
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.