[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-22978":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":29,"related":30,"reserved_at":9,"published_at":31,"modified_at":32,"state":33,"summary":34,"references_raw":42,"kevs":80,"epss":81,"epss_history":84,"metrics":292,"affected":303},"CVE-2022-22978","In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.","weakness","Incomplete","Class","High",[],[],[22],"GHSA-hh32-7344-cg2f",[],[25,27],{"_key":26},"UBUNTU-CVE-2022-22978",{"_key":28},"RHSA-2023:3299",[],[],"2022-05-19T00:00:00.000Z","2024-08-03T03:28:42.507Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":36,"epss_score":37,"severity":36,"severity_score":38,"severity_version":39,"severity_source":40,"severity_vector":41,"severity_status":33},false,"critical",0.90224,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[43,50,55,59,64,68,72,76],{"url":44,"sources":45,"tags":48},"https://spring.io/security/cve-2022-22978",[46,40,47],"cve.org","osv_maven",[49],"WEB",{"url":51,"sources":52,"tags":53},"https://nvd.nist.gov/vuln/detail/CVE-2022-22978",[47],[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://github.com/anchore/grype/issues/2158",[47],[49],{"url":60,"sources":61,"tags":62},"https://github.com/spring-projects/spring-security",[47],[63],"PACKAGE",{"url":65,"sources":66,"tags":67},"https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java",[47],[49],{"url":69,"sources":70,"tags":71},"https://security.netapp.com/advisory/ntap-20220707-0003",[47],[49],{"url":73,"sources":74,"tags":75},"https://tanzu.vmware.com/security/cve-2022-22978",[47],[49],{"url":77,"sources":78,"tags":79},"https://www.oracle.com/security-alerts/cpujul2022.html",[47],[49],[],{"date":82,"score":37,"percentile":83},"2026-06-04",0.9961,[85,89,92,94,97,99,101,103,105,109,111,114,116,118,120,124,126,129,131,133,135,137,139,141,143,145,147,149,152,154,156,159,162,164,166,169,171,174,176,178,180,182,184,186,189,192,194,196,199,201,203,205,208,210,213,215,217,219,221,224,226,229,231,233,235,237,239,241,243,245,247,249,252,254,256,259,262,264,266,268,270,272,275,277,279,281,283,285,287,290],{"date":86,"score":87,"percentile":88},"2025-11-04",0.90791,0.99599,{"date":90,"score":87,"percentile":91},"2025-11-05",0.99598,{"date":93,"score":87,"percentile":91},"2025-11-06",{"date":95,"score":87,"percentile":96},"2025-11-07",0.99596,{"date":98,"score":87,"percentile":96},"2025-11-08",{"date":100,"score":87,"percentile":96},"2025-11-09",{"date":102,"score":87,"percentile":96},"2025-11-10",{"date":104,"score":87,"percentile":96},"2025-11-11",{"date":106,"score":107,"percentile":108},"2025-11-12",0.90406,0.99572,{"date":110,"score":107,"percentile":108},"2025-11-13",{"date":112,"score":107,"percentile":113},"2025-11-14",0.99571,{"date":115,"score":107,"percentile":113},"2025-11-15",{"date":117,"score":107,"percentile":108},"2025-11-16",{"date":119,"score":107,"percentile":108},"2025-11-17",{"date":121,"score":122,"percentile":123},"2025-11-18",0.91829,0.99759,{"date":125,"score":122,"percentile":123},"2025-11-19",{"date":127,"score":122,"percentile":128},"2025-11-20",0.99758,{"date":130,"score":107,"percentile":113},"2025-11-21",{"date":132,"score":107,"percentile":113},"2025-11-22",{"date":134,"score":107,"percentile":108},"2025-11-23",{"date":136,"score":107,"percentile":113},"2025-11-24",{"date":138,"score":107,"percentile":113},"2025-11-25",{"date":140,"score":107,"percentile":108},"2025-11-26",{"date":142,"score":107,"percentile":108},"2025-11-27",{"date":144,"score":107,"percentile":108},"2025-11-28",{"date":146,"score":107,"percentile":108},"2025-11-29",{"date":148,"score":107,"percentile":108},"2025-11-30",{"date":150,"score":107,"percentile":151},"2025-12-01",0.99582,{"date":153,"score":107,"percentile":151},"2025-12-02",{"date":155,"score":107,"percentile":151},"2025-12-03",{"date":157,"score":107,"percentile":158},"2025-12-04",0.99573,{"date":160,"score":107,"percentile":161},"2025-12-05",0.99574,{"date":163,"score":107,"percentile":161},"2025-12-06",{"date":165,"score":107,"percentile":161},"2025-12-07",{"date":167,"score":107,"percentile":168},"2025-12-08",0.99575,{"date":170,"score":107,"percentile":168},"2025-12-09",{"date":172,"score":107,"percentile":173},"2025-12-10",0.99576,{"date":175,"score":107,"percentile":168},"2025-12-11",{"date":177,"score":107,"percentile":168},"2025-12-12",{"date":179,"score":107,"percentile":168},"2025-12-13",{"date":181,"score":107,"percentile":168},"2025-12-14",{"date":183,"score":107,"percentile":168},"2025-12-15",{"date":185,"score":107,"percentile":173},"2025-12-16",{"date":187,"score":107,"percentile":188},"2025-12-17",0.99577,{"date":190,"score":107,"percentile":191},"2025-12-18",0.99579,{"date":193,"score":107,"percentile":191},"2025-12-19",{"date":195,"score":107,"percentile":191},"2025-12-20",{"date":197,"score":107,"percentile":198},"2025-12-21",0.9958,{"date":200,"score":107,"percentile":198},"2025-12-22",{"date":202,"score":107,"percentile":198},"2025-12-23",{"date":204,"score":107,"percentile":198},"2025-12-24",{"date":206,"score":107,"percentile":207},"2025-12-25",0.99581,{"date":209,"score":107,"percentile":198},"2025-12-26",{"date":211,"score":107,"percentile":212},"2025-12-27",0.99583,{"date":214,"score":107,"percentile":198},"2025-12-28",{"date":216,"score":107,"percentile":198},"2025-12-29",{"date":218,"score":107,"percentile":207},"2025-12-30",{"date":220,"score":107,"percentile":207},"2025-12-31",{"date":222,"score":107,"percentile":223},"2026-01-01",0.9959,{"date":225,"score":107,"percentile":223},"2026-01-02",{"date":227,"score":107,"percentile":228},"2026-01-03",0.99591,{"date":230,"score":107,"percentile":151},"2026-01-04",{"date":232,"score":107,"percentile":212},"2026-01-05",{"date":234,"score":107,"percentile":151},"2026-01-06",{"date":236,"score":107,"percentile":151},"2026-01-07",{"date":238,"score":107,"percentile":151},"2026-01-08",{"date":240,"score":107,"percentile":212},"2026-01-09",{"date":242,"score":107,"percentile":212},"2026-01-10",{"date":244,"score":107,"percentile":212},"2026-01-11",{"date":246,"score":107,"percentile":212},"2026-01-12",{"date":248,"score":107,"percentile":212},"2026-01-13",{"date":250,"score":107,"percentile":251},"2026-01-14",0.99584,{"date":253,"score":107,"percentile":251},"2026-01-15",{"date":255,"score":107,"percentile":251},"2026-01-16",{"date":257,"score":107,"percentile":258},"2026-01-17",0.99586,{"date":260,"score":107,"percentile":261},"2026-01-18",0.99585,{"date":263,"score":107,"percentile":261},"2026-01-19",{"date":265,"score":107,"percentile":251},"2026-01-20",{"date":267,"score":107,"percentile":251},"2026-01-21",{"date":269,"score":107,"percentile":261},"2026-01-22",{"date":271,"score":107,"percentile":258},"2026-01-23",{"date":273,"score":107,"percentile":274},"2026-01-24",0.99587,{"date":276,"score":107,"percentile":274},"2026-01-25",{"date":278,"score":107,"percentile":274},"2026-01-26",{"date":280,"score":107,"percentile":274},"2026-01-27",{"date":282,"score":107,"percentile":274},"2026-01-28",{"date":284,"score":107,"percentile":274},"2026-01-29",{"date":286,"score":107,"percentile":274},"2026-01-30",{"date":288,"score":107,"percentile":289},"2026-01-31",0.99588,{"date":291,"score":107,"percentile":91},"2026-02-01",[293,301],{"source":40,"cvss_v2_0":294,"cvss_v3_0":9,"cvss_v3_1":299,"cvss_v4_0":9},{"baseScore":295,"baseSeverity":9,"vectorString":296,"impactScore":297,"exploitabilityScore":298},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":38,"baseSeverity":300,"vectorString":41,"impactScore":38,"exploitabilityScore":298},"CRITICAL",{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":302,"cvss_v4_0":9},{"baseScore":38,"baseSeverity":9,"vectorString":41,"impactScore":38,"exploitabilityScore":298},[304,326,333,342,351],{"ecosystem":305,"name":306,"vendor":307,"product":308,"cpe_part":9,"purl_type":309,"purl_namespace":307,"purl_name":308,"source":9,"versions":310},"Maven","org.springframework.security:spring-security-core","org.springframework.security","spring-security-core","maven",[311,319,323],{"version":312,"is_range":313,"range_type":314,"version_start":315,"version_start_type":316,"version_end":317,"version_end_type":318,"fixed_in":9},"gte5_5_0_lt5_5_7",true,"ecosystem","5.5.0","including","5.5.7","excluding",{"version":320,"is_range":313,"range_type":314,"version_start":321,"version_start_type":316,"version_end":322,"version_end_type":318,"fixed_in":9},"gte5_6_0_lt5_6_4","5.6.0","5.6.4",{"version":324,"is_range":313,"range_type":314,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":318,"fixed_in":9},"lt5_4_11","5.4.11",{"ecosystem":305,"name":327,"vendor":307,"product":328,"cpe_part":9,"purl_type":309,"purl_namespace":307,"purl_name":328,"source":9,"versions":329},"org.springframework.security:spring-security-web","spring-security-web",[330,331,332],{"version":312,"is_range":313,"range_type":314,"version_start":315,"version_start_type":316,"version_end":317,"version_end_type":318,"fixed_in":9},{"version":320,"is_range":313,"range_type":314,"version_start":321,"version_start_type":316,"version_end":322,"version_end_type":318,"fixed_in":9},{"version":324,"is_range":313,"range_type":314,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":318,"fixed_in":9},{"ecosystem":9,"name":334,"vendor":335,"product":336,"cpe_part":337,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":338},"active iq unified manager","netapp","active_iq_unified_manager","a",[339],{"version":340,"is_range":35,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe",{"ecosystem":9,"name":343,"vendor":344,"product":345,"cpe_part":337,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":346},"financial services crime and compliance management studio","oracle","financial_services_crime_and_compliance_management_studio",[347,349],{"version":348,"is_range":35,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0.8.2.0",{"version":350,"is_range":35,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0.8.3.0",{"ecosystem":9,"name":352,"vendor":353,"product":354,"cpe_part":337,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":355},"spring security","vmware","spring_security",[356,358],{"version":357,"is_range":313,"range_type":341,"version_start":9,"version_start_type":9,"version_end":317,"version_end_type":318,"fixed_in":9},"lt5.5.7",{"version":359,"is_range":313,"range_type":341,"version_start":321,"version_start_type":316,"version_end":322,"version_end_type":318,"fixed_in":9},"gte5.6.0_lt5.6.4"]