CNNVD-202601-3471 Information
Jan 22, 2026
cve
CNNVD ID
CNNVD-202601-3471
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Spring Security是Spring开源的一款具有认证和授权功能的安全框架。 Spring Security存在安全漏洞,该漏洞源于DaoAuthenticationProvider中的时序攻击缓解措施被破坏,可能导致攻击者通过响应时间差异推断有效用户名或其他身份验证行为。
Description (English)
Spring Security is a security framework for Spring open source with authentication and authorization functions. There is a security loophole in Spring Security, which stems from the breakdown of time-series attack mitigation measures in DaoAuthentationProvider, which may lead the attackers to extrapolate valid user names or other identifications through response time differences.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Spring
Published
2026-01-22
Last Modified
2026-02-24
References
https://spring.io/security/cve-2025-22234/
Patch
https://spring.io/security/cve-2025-22234
Share on: