This issue is classified as a moderate severity vulnerability because it impacts only specific configurations in Spring WebFlux applications and does not compromise dynamic or core application functionality.
To exploit this vulnerability, the application must not only be using Spring WebFlux but must also serve static resources with non-permitAll authorization rules. Furthermore, the breach affects only static resources - such as CSS, JavaScript, or images - that could allow an attacker to bypass security controls.
Collection
[
|
...
]