Approved changes feed: RSS · Atom
cpe:2.3:a:spring:webflux:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Spring (4c7a31af-cbd7-516f-b1ce-2d5f574797bc) |
|---|---|
| Product | Webflux (7a980a66-7d83-5864-a67c-500e76015e68) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-38821 |
vulnerable | 2026-06-03 14:56:19.677164 |
Authorization Bypass of Static Resources in WebFlux Applications
CRITICAL (9.1)
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support
Published: 2024-10-28T07:06:13.404Z
Updated: 2025-01-24T20:03:04.932Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.