CVE-2018-1258

Name of the Vulnerable Software and Affected Versions: Spring Framework version 5.0.5 Spring Framework versions prior to the fixed version (fixed version not specified)

Description: The issue is related to an authorization bypass when using method security in Spring Framework, particularly when used in combination with Spring Security. This allows an unauthorized malicious user to gain unauthorized access to methods that should be restricted. The vulnerability is also associated with incorrect authorization, which can enable a remote attacker to obtain unauthorized access to protected information.

Recommendations: For Spring Framework version 5.0.5, update to a version that contains a fix for this issue, if available. For other affected versions of Spring Framework, apply the necessary security patches or updates to resolve the authorization bypass issue. As a temporary workaround, consider restricting access to sensitive methods until a patch is available. Avoid using method security in combination with Spring Security until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.