What is GHSA-jgj7-c8vj-w563?

GHSA-jgj7-c8vj-w563 is a security advisory published by GitHub Security Advisories with Low severity. A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by...

Which CVE IDs does GHSA-jgj7-c8vj-w563 cover?

GHSA-jgj7-c8vj-w563 covers the following CVE IDs: CVE-2026-9370. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jgj7-c8vj-w563?

GHSA-jgj7-c8vj-w563 has a CVSS v3 base score of 3.7, published by GitHub Security Advisories.

GHSA-jgj7-c8vj-w563LowCVSS 3.7

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-9370 →

📋 Description

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password Hash Handler. Executing a manipulation can lead to use of a one-way hash with a predictable salt. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-9370
https://github.com/dntyfate/cve/issues/3
https://github.com/ulisesbocchio/jasypt-spring-boot/issues/431
https://github.com/ulisesbocchio/jasypt-spring-boot
https://vuldb.com/submit/813198
https://vuldb.com/vuln/365333
https://vuldb.com/vuln/365333/cti
https://github.com/advisories/GHSA-jgj7-c8vj-w563