Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2018-1258

Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Description

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Base CVSS

8.8

EPSS Score

0.22%

Introduced Version

5.0.5.RELEASE

Fix Available

5.0.6.RELEASE

Fix without Upgrading

Available Patches

Package

CVEs Fixed

Lines of Code Changed

org.springframework:spring-aop

References

https://nvd.nist.gov/vuln/detail/CVE-2018-1258

https://web.archive.org/web/20200227032934/http://www.securityfocus.com/bid/104222

https://security.netapp.com/advisory/ntap-20181018-0002

https://pivotal.io/security/cve-2018-1258

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1

https://web.archive.org/web/20200807033751/http://www.securitytracker.com/id/1041896

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://github.com/spring-projects/spring-framework

https://access.redhat.com/errata/RHSA-2019:2413

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://github.com/advisories/GHSA-cxrj-66c5-9fmh

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance

Oops! Something went wrong, please try again.