In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku

Kaynak: National Vulnerability Database