cvedb.io
CVE-2018-1258
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-05-11T20:29:00.260 · Last modified 2026-06-17T01:50:50.107

Summary

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain access to methods that should be restricted.

Affected products

pivotal_software — spring_security

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.