Tag

backend vulnerability


Java Architecture Diary
Mar 22, 2023 · Information Security

How the '**' Pattern in Spring Security Can Bypass MVC Matching (CVE‑2023‑20860) and How to Fix It

CVE‑2023‑20860 shows that using the '**' pattern with Spring Security's mvcRequestMatcher can cause mismatched routing and a potential security bypass. The advisory details the affected Spring Framework versions, the mitigation steps, and how to upgrade via Gradle or Maven.

CVE-2023-20860 · Spring Framework · Spring Security