Closed SunBK201 closed 1 month ago
Hi @SunBK201, we can't change the vulnerable version ranges and patched versions because a patched version called 6.0.9 appears to not exist. org.springframework.security:spring-security-core has no version 6.0.9, as seen at https://mvnrepository.com/artifact/org.springframework.security/spring-security-core. Additionally, the 6.0.x branch at https://github.com/spring-projects/spring-security/commits/6.0.x/ does not contain the fix commit that is present in the 5.7.x, 5.8.x, 6.1.x, and 6.2.x branches.
Updates
Comments
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-22257