{
  "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi",
  "issues" : [
    {
      "addedAt" : 0,
      "authorEmail" : "-",
      "authorName" : "-",
      "baseName" : "spring-security-core-6.5.1.jar",
      "category" : "",
      "columnEnd" : 0,
      "columnStart" : 0,
      "commit" : "-",
      "description" : "",
      "fileName" : "/usr/local/tomcat/webapps/govwayAPIMonitor.war/WEB-INF/lib/spring-security-core-6.5.1.jar",
      "fingerprint" : "FALLBACK-ce8ed6f6",
      "lineEnd" : 1,
      "lineStart" : 1,
      "message" : "CVE-2025-41248: LanguageSpecificPackageVulnerability\u000a\u000aorg.springframework.security/spring-security-core: Spring Security authorization bypass\u000a\u000aFor additional help see: **Vulnerability CVE-2025-41248**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.springframework.security:spring-security-core|6.4.10, 6.5.4|[CVE-2025-41248](https://avd.aquasec.com/nvd/cve-2025-41248)|\u000a\u000aThe Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.\u000a\u000aYour application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.\u000a\u000aYou are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.\u000a\u000aThis CVE is published in conjunction with  CVE-2025-41249 https://spring.io/security/cve-2025-41249 .\u000a\u000aPackage: org.springframework.security:spring-security-core\u000aInstalled Version: 6.5.1\u000aVulnerability CVE-2025-41248\u000aSeverity: HIGH\u000aFixed Version: 6.4.10, 6.5.4\u000aLink: [CVE-2025-41248](https://avd.aquasec.com/nvd/cve-2025-41248)",
      "moduleName" : "",
      "origin" : "trivy",
      "originName" : "Trivy Security Scanner",
      "packageName" : "-",
      "reference" : "1323",
      "severity" : "HIGH",
      "toString" : "spring-security-core-6.5.1.jar(1,0): CVE-2025-41248: : CVE-2025-41248: LanguageSpecificPackageVulnerability\u000a\u000aorg.springframework.security/spring-security-core: Spring Security authorization bypass\u000a\u000aFor additional help see: **Vulnerability CVE-2025-41248**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.springframework.security:spring-security-core|6.4.10, 6.5.4|[CVE-2025-41248](https://avd.aquasec.com/nvd/cve-2025-41248)|\u000a\u000aThe Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.\u000a\u000aYour application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.\u000a\u000aYou are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.\u000a\u000aThis CVE is published in conjunction with  CVE-2025-41249 https://spring.io/security/cve-2025-41249 .\u000a\u000aPackage: org.springframework.security:spring-security-core\u000aInstalled Version: 6.5.1\u000aVulnerability CVE-2025-41248\u000aSeverity: HIGH\u000aFixed Version: 6.4.10, 6.5.4\u000aLink: [CVE-2025-41248](https://avd.aquasec.com/nvd/cve-2025-41248)",
      "type" : "CVE-2025-41248"
    }
  ],
  "size" : 1,
  "toString" : "1 warning (high: 1)"
}