Fedora Account System
Red Hat Associate
Red Hat Customer
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. https://tanzu.vmware.com/security/cve-2022-22978
Created springframework tracking bugs for this issue: Affects: fedora-all [bug 2087941]
This issue has been addressed in the following products: Red Hat Fuse 7.11 Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-22978
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.13 Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299