CVE-2011-2731

EPSS 0.23%

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security

發布日:2022/5/17修改日:2024/12/7

描述

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

受影響套件(1)

Maven/org.springframework.security:spring-security-corefrom 0, < 2.0.7

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-2731
PATCHhttps://github.com/spring-projects/spring-security
WEBhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
WEBhttp://support.springsource.com/security/cve-2011-2731