Package impact
Maven / org.springframework.security:spring-security-core
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-3527 | critical | 9.8 | 9.8 | 9y ago | Authorization Bypass in Spring Security | |
| CVE-2017-4995 | high | 8.1 | 8.1 | 9y ago | Deserialization of Untrusted Data in Spring Security | |
| CVE-2016-5007 | high | 7.5 | 7.5 | 9y ago | Spring Security and Spring Framework may not recognize certain paths that should be protected | |
| CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security | |
| CVE-2014-0097 | high | 7.3 | 7.3 | 9y ago | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic… |