{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-22978","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","assignerShortName":"vmware","dateUpdated":"2024-08-03T03:28:42.507Z","dateReserved":"2022-01-10T00:00:00.000Z","datePublished":"2022-05-19T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2023-04-11T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In Spring Security versions 5.4.x prior to 5.4.11+, 5.5.x prior to 5.5.7+, 5.6.x prior to 5.6.4+, and older unsupported versions, RegexRequestMatcher can easily be misconfigured in a way that allows it to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."}],"affected":[{"vendor":"n/a","product":"Spring Security","versions":[{"version":"Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions","status":"affected"}]}],"references":[{"url":"https://spring.io/security/cve-2022-22978"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-863- improper authorization","cweId":"CWE-863"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:28:42.507Z"},"title":"CVE Program Container","references":[{"url":"https://spring.io/security/cve-2022-22978","tags":["x_transferred"]}]}]}}