← back
CVE-2023-34034

CVE-2023-34034

CVSS 9.1 CRITICALEPSS 3.5%CWE-281
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · Spring Security
public PoCs found1
githubgithub.com/hotblac/cve-2023-340341
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.netapp.com/advisory/ntap-20230814-0008/https://spring.io/security/cve-2023-34034