CVE-2023-34034

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-281
View all →

Vulnerability Description

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

Related Vulnerabilities

CVE-2017-8543

CRITICAL
CVSS:9.8(Critical)

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 ...

CWE-2812017

CVE-2017-8589

CRITICAL
CVSS:9.8(Critical)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code...

CWE-2812017

CVE-2018-4115

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPre...

CWE-2812018

CVE-2020-18890

CRITICAL
CVSS:9.8(Critical)

Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.

CWE-2812020

CVE-2020-36070

CRITICAL
CVSS:9.8(Critical)

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.

CWE-2812020

CVE-2021-29971

CRITICAL
CVSS:9.8(Critical)

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects F...

CWE-2812021