Safeguard
Tag

spring-security

Safeguard articles tagged "spring-security" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Vulnerability Management

CVE-2022-31692: how a forward dispatch bypassed Spring Security authorization

A CVSS 9.8 flaw let a single internal forward skip Spring Security's URL-based access checks entirely — here's the root cause and the exact config fix.

Jul 15, 20266 min read
Application Security

Preventing XSS in Java Spring and JSP applications

OWASP folded XSS into A03:2021-Injection, present in ~3.37% of tested apps — raw JSP EL output and a missing CSP header are still the two most common causes.

Jul 13, 20266 min read
Application Security

The most common Spring Boot security misconfigurations, and how to fix them

CVE-2026-40976 let anonymous users hit /actuator/env and /actuator/heapdump on default Spring Boot 4 filter chains, CVSS 9.1 — here's how to actually harden Spring Boot.

Jul 8, 20266 min read
Security Guides

Spring Security Configuration Guide: The Modern SecurityFilterChain Approach

A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.

Jul 2, 20265 min read
Vulnerability Analysis

Spring Security authorization rule bypass (CVE-2023-34035)

CVE-2023-34035 lets Spring Security's requestMatchers() silently mis-evaluate authorization rules in multi-servlet apps. Here's the fix and how to detect exposure.

Dec 23, 20258 min read
Vulnerability Analysis

Spring Security OAuth2 client vulnerability (CVE-2022-31690)

CVE-2022-31690 in Spring Security's OAuth2 client can let one principal obtain another's token. Here's the impact, CVSS/EPSS context, and how to remediate.

Dec 22, 20257 min read
Vulnerability Analysis

CVE-2018-1199: Authorization bypass in Spring Security CO...

CVE-2018-1199 let CORS pre-flight requests slip past Spring Security's authorization checks. What it affected, its real severity, and how to remediate it.

Sep 21, 20257 min read
Vulnerability Analysis

CVE-2021-22112: Improper authorization in Spring Security...

CVE-2021-22112 let Spring Security lose SecurityContext changes mid-request, an improper authorization flaw exposing OAuth2-secured apps to privilege escalation.

Sep 21, 20258 min read
spring-security — Safeguard Blog