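Detected that bage2014/study includes 362 open-source components in total, with 528 vulnerabilities.
Vulnerability title: Vmware VMware Spring Security permissions and access control vulnerability
Affected component: org.springframework.security:spring-security-core@3.1.2.RELEASE
Vulnerability ID: CVE-2021-22112
Vulnerability description: Vmware VMware Spring Security is a security framework from the US company VMware that provides declarative security protection for Spring-based applications.
A permissions and access control vulnerability exists in VMware Spring Security. The vulnerability arises because an attacker can bypass restrictions through multiple SecurityContext changes in Spring Security in order to escalate their privileges. The following products and versions are affected: Spring Security 5.4.0 to 5.4.3, Spring Security 5.3.0.RELEASE to 5.3.7.RELEASE, Spring Security 5.2.0.RELEASE to 5.2.8.RELEASE.
Affected range: (∞, 5.2.9.RELEASE)
Minimum fixed version: 5.2.9.RELEASE
Dependency path of the affected component: com.bage:study-spring-boot-saml@0.0.1-SNAPSHOT->org.springframework.security.extensions:spring-security-saml2-core@1.0.2.RELEASE->org.springframework.security:spring-security-core@3.1.2.RELEASE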
com.bage:study-spring-boot-saml@0.0.1-SNAPSHOT->org.springframework.security.extensions:spring-security-saml2-core@1.0.2.RELEASE->org.springframework.security:spring-security-web@3.1.2.RELEASE->org.springframework.security:spring-security-core@3.1.2.RELEASE
com.bage:study-spring-boot-saml@0.0.1-SNAPSHOT->org.springframework.security.extensions:spring-security-saml2-core@1.0.2.RELEASE->org.springframework.security:spring-security-config@3.1.2.RELEASE->org.springframework.security:spring-security-core@3.1.2.RELEASE
In addition, there are 528 more vulnerabilities. Detailed report: https://mofeisec.com/jr?p=i61c33