cbcvebase.
CVE-2024-38810
published 2024-08-20

CVE-2024-38810: Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

Affected

2 ranges
VendorProductVersion rangeFixed in
springspring_security>= 6.3.x < 6.3.26.3.2
vmwarespring_security>= 6.3.0 < 6.3.26.3.2