Lucene search
K

167 matches found

CNNVD
CNNVD
added 2024/07/09 12:0 a.m.8 views

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework based on Spring Boot implementation by the US Spring team. A security vulnerability exists in Spring Cloud Function Framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, which stems from an application being vulnerable to a denial-of-service...

8.2CVSS6.7AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-7898

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2 Description The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remot...

8.8CVSS7AI score0.0127EPSS
Exploits0References15
Spring Security Advisories
Spring Security Advisories
added 2024/07/09 12:0 a.m.10 views

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

7.3AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/06/19 12:0 a.m.7 views

Spring Cloud Function Web DOS Vulnerability

Description In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is...

8.2CVSS7.1AI score0.0127EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/05/08 4:25 a.m.504 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 En las versiones 3.1.6, 3.2.2 y versiones anter...

9.8CVSS9.7AI score0.99939EPSS
Exploits36
Veracode
Veracode
added 2024/03/21 10:27 a.m.16 views

Improper Input Validation

parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitation for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code...

9CVSS7.4AI score0.01188EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/03/21 7:25 a.m.15 views

BIT-PARSE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remo...

9CVSS7.5AI score0.01188EPSS
Exploits0References6
OSV
OSV
added 2024/03/19 8:7 p.m.19 views

GHSA-6HH7-46R2-VF29 Server crashes on invalid Cloud Function or Cloud Job name

Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

9CVSS9.2AI score0.01188EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/03/19 8:7 p.m.27 views

Server crashes on invalid Cloud Function or Cloud Job name

Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

9CVSS7.4AI score0.01188EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/03/19 7:15 p.m.18 views

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9CVSS9.4AI score0.01188EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/19 6:57 p.m.21 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9CVSS9.6AI score0.01188EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/19 6:57 p.m.9 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9CVSS7.5AI score0.01188EPSS
Exploits0References5
OSV
OSV
added 2024/03/19 6:57 p.m.18 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9CVSS9AI score0.01188EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.9 views

PT-2024-22680 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.5 and 7.0.0-alpha.29 Description: The issue arises when an invalid Parse Server Cloud Function name or Cloud Job name is called, potentially leading to code injection, internal store manipulation, or remote...

9CVSS8AI score0.01188EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2023/10/28 9:42 p.m.405 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...

9.8CVSS9.5AI score0.99939EPSS
Exploits36
0day.today
0day.today
added 2023/07/11 12:0 a.m.344 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8CVSS7.1AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/05/25 7:50 p.m.377 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Exploit for RCE in Spring Cloud CVE 2022-22963 Exploit for...

9.8CVSS9.8AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/04/17 1:54 p.m.331 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function Vulnerability CVE-2022-22963 RCE This...

9.8CVSS9.5AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/04/10 2:12 p.m.485 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 Exploit This repository contains a Rust-based e...

9.8CVSS9.7AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/03/21 6:14 a.m.352 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963-Reverse-Shell-Exploit This is a Python script t...

9.8CVSS9.9AI score0.99939EPSS
Exploits36
Rows per page
Query Builder