Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-hmqf-wpq9-jq83

GitHub Security Advisory

Spring Security Missing Authorization vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

Affected Packages

Maven org.springframework.security:spring-security-core
Affected versions: 6.3.0 (fixed in 6.3.2)

Related CVEs

CVE-2024-38810

Key Information

GHSA ID
GHSA-hmqf-wpq9-jq83
Published
August 20, 2024 6:31 AM
Last Modified
March 1, 2025 11:06 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.springframework.security:spring-security-core
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 29, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.