Lucene search
K

29 matches found

NVD
NVD
added 2022/04/14 9:15 p.m.34 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS0.05666EPSS
Exploits2References3
Prion
Prion
added 2022/04/14 9:15 p.m.38 views

Path traversal

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5CVSS5.9AI score0.05666EPSS
Exploits2References3Affected Software2
UbuntuCve
UbuntuCve
added 2022/04/14 9:15 p.m.55 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.8AI score0.05666EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/04/14 8:5 p.m.37 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.9AI score0.05666EPSS
Exploits2References3
CVE
CVE
added 2022/04/14 8:5 p.m.297 views

CVE-2022-22968

CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...

5.3CVSS5.4AI score0.05666EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2022/04/14 8:5 p.m.46 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS5.3AI score0.05666EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2022/04/14 8:5 p.m.55 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.6AI score0.05666EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2022/04/14 8:54 a.m.302 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS3.7AI score0.05666EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2022/04/02 9:13 a.m.492 views

Exploit for Code Injection in Vmware Spring_Framework

Spring-Core-RCE Spring Framework Remote Command Execution Vuln...

9.8CVSS7.4AI score0.99677EPSS
Exploits102
Rows per page
Query Builder