CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVE-2021-41303

Apache Shiro prior to 1.8.0 (when used with Spring Boot) is affected by an authentication bypass via specially crafted HTTP requests. The CVE-2021-41303 entry notes a high/critical impact (C:H/I:H/A:H in CVSS 3.1) and recommends upgrading to Apache Shiro 1.8.0 or later to remediate. Connected doc...

CVE-2021-41303 Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.10 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +38 more potentially affected by CVE-2021-36162 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.15)

org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.chinagoods.framework.thinkcloud:think-cloud-starter-business =3.1.7.RELEASE - com.chinagoods.framework.thinkcloud:think-cloud-starter-controller =3.1.7.RELEASE -...

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19704

The CVE-2020-19704 entry describes a stored cross-site scripting (XSS) vulnerability in spring-boot-admin, via ResourceController.java, with exploitation possible to run arbitrary web scripts/HTML. Documents confirm affected software is spring-boot-admin and the vulnerable component/file is Resou...

spring-boot-admin 跨站脚本漏洞

spring-boot-admin is an open source backend management system based on Spring boot Mybatis , with user management , menu management and role management 3 functions , permission control to the button level . spring-boot-admin There is a security vulnerability that can be exploited by attackers to...

SpringBootVulExploit

This repository is an offensive tool for exploiting Spring Boot vulnerabilities. It contains a collection of exploits and techniques for various Spring Boot versions, including: 1. Spring Boot 1.0 - 1.4: Exposes actuators by default without any parameters, making it vulnerable to RCE Remote Code...

br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) +481 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.3 - com.c4-soft.springaddons:spring-security-oauth2-addons =1.0.0 -...

JetLinks open source IoT platform suffers from weak password vulnerability

JetLinks open source Internet of Things platform based on Java8, Spring Boot 2.x, WebFlux, Netty, Vert.x, Reactor and other development , is an out-of-the-box , secondary development of enterprise-class Internet of Things infrastructure platform . JetLinks open source IoT platform has a weak...

SpringBootVulExploit

It is an offensive tool for Spring Boot exploitation. The repository contains a collection of exploits and techniques for exploiting Spring Boot applications, including: Spring Boot Vulnerability Exploit Check List: a checklist for identifying vulnerabilities in Spring Boot applications...

GHSA-2X7V-W2MV-F3RX Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

com.scoperetail.fusion:fusion-connect (>=0.57 <=0.79), com.scoperetail.fusion:fusion-connect-core (>=0.21 <=0.58) +11 more potentially affected by CVE-2020-11972 via org.apache.camel:camel-rabbitmq (>=3.0.0 <=3.22.4)

org.apache.camel:camel-rabbitmq MAVEN version =3.0.0, =0.57, =0.21, =0.5, =0.1.0, =1.0.0, =0.10.1, =0.10.1, =2.0.0, =1.0.0-M6, =1.0.0-M6, =3.0.0, =3.22.4 - org.springframework.cloud:spring-cloud-contract-sample-camel =4.1.6 Source cves: CVE-2020-11972 Source advisory: OSV:GHSA-2X6R-7427-95CM...

net.simpledynamics:openid-connect-server-spring-boot-config (>=0.1.0 <=0.1.3), net.simpledynamics:openid-connect-server-spring-boot-samples-default (>=0.1.0 <=0.1.1) +7 more potentially affected by CVE-2021-26715 via org.mitre:openid-connect-server (>=1.1.0 <=1.3.3)

org.mitre:openid-connect-server MAVEN version =1.1.0, =0.1.0, =0.1.0, =0.1.0, =0.11, =1.1.0, =1.2.0, =1.2.0, =1.3.3 Source cves: CVE-2021-26715 Source advisory: OSV:GHSA-792R-MH2Q-P8QP...

Atlassian Connect Spring Boot Authorization Issues Vulnerability

Atlassian Connect Spring Boot is an application component from Atlassian Australia. A Spring Boot starter program is provided for building Atlassian Connect add-ons for JIRA Software, Service Desk and Core and Confluence. An authorization issue vulnerability exists in Atlassian Connect Spring Boo...

com.quamto.jira:plugins-base (>=1.1.1-rc <=1.6.1) potentially affected by CVE-2021-26074 via com.atlassian.connect:atlassian-connect-spring-boot-starter (>=1.2.1 <=1.5.0)

com.atlassian.connect:atlassian-connect-spring-boot-starter MAVEN version =1.2.1, =1.1.1-rc, =1.6.1 Source cves: CVE-2021-26074 Source advisory: OSV:GHSA-CPCR-74Q9-74GP...

GHSA-CPCR-74Q9-74GP Broken Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3. Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...