[org.springframework.security:spring-security-cas] Insufficiently Protected Credentials and Improper Authentication in Spring Security
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user h…
[fs-path] Command Injection in fs-path
All versions of fs-path are vulnerable to command injection if unsanitized user input is passed in.
Recommendation
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available…
[org.springframework.data:spring-data-jpa] Improper Neutralization of Wildcards or Matching Symbols
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results…