CVE-2023-20860: Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

March 28, 2023 (updated June 14, 2023)

This advisory has been moved to org.springframework:spring-webmvc

References

github.com/advisories/GHSA-7phw-cxx7-q9vq
nvd.nist.gov/vuln/detail/CVE-2023-20860
spring.io/security/cve-2023-20860

Detect and mitigate CVE-2023-20860 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →