Vulnerabilites fixes on spring security for azure & ibm and oauth2 for azure (!392) · Merge requests · OSDU Software / OSDU Data Platform / Data Flow / Data Ingestion / Ingestion Workflow · GitLab

Jayesh Bagul requested to merge az/jb_vulnerabilities_147 into master Mar 29, 2023

Vulnerabilities fixes on spring security for azure & ibm and oauth2 for azure.

-- Issue: Spring Security authorization rules can be bypassed via forward or include dispatcher types in org.springframework.security/spring-security-web
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/security/vulnerabilities/27105
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/security/vulnerabilities/27106

-- Issue: # Spring Security authorization rules can be bypassed via forward or include dispatcher types in org.springframework.security/spring-security-web
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/security/vulnerabilities/25074

Non-vulnerable versions are updated.

Edited Mar 29, 2023 by Jayesh Bagul