CVE-2023-34034

Summary

CVE-2023-34034 is a vulnerability affecting Spring Security configuration for WebFlux applications. The issue arises when "**" is used as a pattern in Spring Security settings, leading to a mismatch between Spring Security and Spring WebFlux. This disparity may result in security bypasses, allowing unauthorized access to protected resources. It is crucial for developers to review their Spring Security configurations and avoid using "**" as a pattern to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.