CVE-2024-38810 Information

Description

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

Reference

https://spring.io/security/cve-2024-38810