Protection Mechanism Failure in org.springframework.security:spring-security-core
CVE-2025-41232
- org.springframework.security:spring-security-core
Summary
Spring Security Aspects may not correctly detect method security annotations on private methods, potentially leading to authorization bypasses. An application may be affected if both of the following conditions are met: a) the configuration includes `@EnableMethodSecurity(mode = ASPECTJ)` and the "spring-security-aspects" module, and b) one or more private methods are annotated with Spring Security method-level annotations. Under these conditions, the affected methods may be invoked without the expected authorization checks. This vulnerability affects org.springframework.security:spring-security-core package versions 6.4.x prior to 6.4.6 and 6.5.x prior to 6.5.0.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
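Added illustration of the two conditions in the summary, written for this page and not taken from the advisory or the Spring Security project; the class and method names are hypothetical. The first service shows the affected placement (authorization annotation on a private method under AspectJ mode), the second moves the constraint to the public entry point so enforcement does not depend on private-method advice; upgrading to 6.4.6 or 6.5.0 remains the fix.

```java
import org.springframework.context.annotation.AdviceMode;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.stereotype.Service;

// Condition (a) from the advisory: AspectJ advice mode, with the
// spring-security-aspects module on the classpath (compile-time or load-time weaving).
@Configuration
@EnableMethodSecurity(mode = AdviceMode.ASPECTJ)
class MethodSecurityConfig {
}

// Condition (b): the authorization annotation sits on a PRIVATE method.
// On affected versions the aspect may fail to match it, so the check is skipped.
@Service
class ReportService {                   // hypothetical class

    public String exportAll() {
        return loadSensitive();         // reaches the private method with no check applied
    }

    @PreAuthorize("hasRole('ADMIN')")   // annotation on a private method: the affected pattern
    private String loadSensitive() {
        return "sensitive-report";      // constructed placeholder value
    }
}

// Hardened layout: the constraint is declared on the public entry point, which is
// the boundary the aspect is expected to intercept; the private helper is then only
// reachable through an already-authorized call.
@Service
class HardenedReportService {           // hypothetical class

    @PreAuthorize("hasRole('ADMIN')")
    public String exportAll() {
        return loadSensitive();
    }

    private String loadSensitive() {
        return "sensitive-report";      // constructed placeholder value
    }
}
```

A practical check for an existing code base is to grep for `@PreAuthorize`, `@PostAuthorize`, `@Secured` and `@RolesAllowed` on `private` methods while `mode = AdviceMode.ASPECTJ` is in effect, and to confirm the resolved spring-security-core version is at or above the fixed releases.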
References
Advisory Timeline
- Published