CVE-2011-2731: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

May 17, 2022 (updated July 13, 2022)

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
support.springsource.com/security/cve-2011-2731
github.com/advisories/GHSA-4644-hg35-55m9
nvd.nist.gov/vuln/detail/CVE-2011-2731

Code Behaviors & Features

Detect and mitigate CVE-2011-2731 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →