A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-502 |
Sun, 24 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-280 |
Fri, 22 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-502 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-01-25T18:12:44.771Z
Updated: 2024-12-04T07:16:20.011Z
Reserved: 2023-11-23T06:34:22.287Z
Link: CVE-2023-6267
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-25T19:15:08.260
Modified: 2024-12-04T08:15:05.740
Link: CVE-2023-6267
Redhat