K000160223: Spring cloud gateway vulnerability CVE-2025-41243

Security Advisory Description Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server...

EUVD-2025-29611

Malicious code in bioql PyPI...

CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVE-2025-41243

Spring Cloud Gateway Server Webflux is affected by a vulnerability where unsecured and exposed actuator endpoints allow modification of Spring Environment properties via SpEL, enabling configuration tampering. Affected component: Spring Cloud Gateway Server Webflux (WebFlux; WebMVC is not vulnera...

CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CLSA-2025-1747849358 Fix CVE(s): CVE-2024-10979

SECURITY UPDATE: Externally controlled reference to resources. - debian/patches/CVE-2024-10979.patch: Remove magic property of ENV in ./src/pl/plperl/plctrusted.pl. Add getenviron to ./src/test/regress/regress.c. - CVE-2024-10979...