CVE-2011-2731

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in maven/org.springframework.security/spring-security-core

Identifiers

GHSA-4644-hg35-55m9, CVE-2011-2731

Package Slug

maven/org.springframework.security/spring-security-core

Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Affected Versions

All versions before 2.0.7, all versions starting from 3.0.0 before 3.0.6

Solution

Upgrade to versions 2.0.7, 3.0.6 or above.

Last Modified

2022-07-26
