
1242 matches found

Gitee
added 2021/02/26 1:43 p.m. | 2 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, including information on how to exploit various vulnerabilities in Spring Boot applications. The repository includes several subdirectories, each containing a specific exploit: 1...

6.9 AI score
Exploits: 0

RedHat Linux
added 2021/02/02 10:25 a.m. | 111 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.6 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS | 7.2 AI score | 0.45121 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2021/01/07 11:49 a.m. | 59 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.11 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS | 7.2 AI score | 0.45121 EPSS
Exploits: 0 | References: 5

Veracode
added 2021/01/06 6:0 a.m. | 14 views

Directory Traversal

spring-boot-actuator-logview is vulnerable to directory traversal. The vulnerability exists through the base folder parameter exposed in the log file directory through admin HTTP endpoints...

7.7 CVSS | 1.1 AI score | 0.93658 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

OSV
added 2021/01/05 6:15 p.m. | 17 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS | 6.8 AI score
Exploits: 0 | References: 4

NVD
added 2021/01/05 6:15 p.m. | 16 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS | 7.4 AI score | 0.93658 EPSS
Exploits: 2 | References: 4

Prion
added 2021/01/05 6:15 p.m. | 19 views

Directory traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

4 CVSS | 7.2 AI score | 0.93658 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2021/01/05 5:30 p.m. | 16 views

CVE-2021-21234 Directory Traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS | 7.6 AI score | 0.93658 EPSS
Exploits: 2 | References: 4

CVE
added 2021/01/05 5:30 p.m. | 119 views

CVE-2021-21234

CVE-2021-21234 affects the Spring Boot Actuator Logview library (eu.hinsch:spring-boot-actuator-logview). Before version 0.2.13, there is a directory traversal vulnerability exposed by the actuator logviewer endpoint, where both the filename parameter and the base directory can be manipulated (ba...

7.7 CVSS | 7.3 AI score | 0.93658 EPSS
In wild | Exploits: 2 | References: 4 | Affected Software: 1

Github Security Blog
added 2021/01/05 5:29 p.m. | 63 views

Directory Traversal in spring-boot-actuator-logview

Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7 CVSS | 0.6 AI score | 0.93658 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

CNNVD
added 2021/01/05 12:0 a.m. | 2 views

Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability

Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...

7.7 CVSS | 7.1 AI score | 0.93658 EPSS
Exploits: 2 | References: 5

CNVD
added 2020/11/26 12:0 a.m. | 1 views

Command Execution Vulnerability in Huaxia ERP (CNVD-2020-70782)

Huaxia ERP based on SpringBoot framework, aspires to provide small and medium-sized enterprises with open source and good ERP software, currently focusing on sales and inventory + financial functions. HUAXIA ERP has a command execution vulnerability. Attackers can use this vulnerability to...

7.3 AI score
Exploits: 0

CNVD
added 2020/11/20 12:0 a.m. | 3 views

Unauthorized access and file upload vulnerabilities in Ruoyi's backend management system

Ruoyi backend management system is based on SpringBoot, Spring Security, JWT, Vue & Element of the front and back end separation of permissions management system, can be used for all Web applications, such as website management backend, website member center, CMS, CRM, OA and so on. If there ...

7.2 AI score
Exploits: 0

ThreatPost
added 2020/11/19 9:34 p.m. | 106 views

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

7.8 AI score
Exploits: 0 | References: 9

Veracode
added 2020/11/06 7:16 a.m. | 23 views

Authentication Bypass

shiro-spring-boot-web-starter is vulnerable to authentication bypass. An attacker is able to bypass authentication via a malicious HTTP request...

9.8 CVSS | 2.1 AI score | 0.01799 EPSS
Exploits: 0 | References: 19 | Affected Software: 1

Gitee
added 2020/11/05 4:41 p.m. | 2 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2 AI score
Exploits: 0

Hacker One
added 2020/10/29 6:19 p.m. | 21 views

Semrush: Critically Sensitive Spring Boot Endpoints Exposed

Spring Boot includes a number of additional features to help you monitor and manage your application when you push it to production. Hacker found that actuator endpoints containing potentially sensitive data such as internal tokens and service data were left public. Semrush has a microservices...

6.7 AI score
Exploits: 0

Positive Technologies
added 2020/10/29 12:0 a.m. | 8 views

PT-2022-2032

Name of the Vulnerable Software and Affected Versions Spring Framework versions prior to 5.2.20 and 5.3.18 Spring Boot versions prior to 2.5.12 and 2.6.6 libspring-aop-java - 4.3.22-4ubuntu0.1esm1 libspring-beans-java - 4.3.22-4ubuntu0.1esm1 libspring-context-java - 4.3.22-4ubuntu0.1esm1...

10 CVSS | 9.1 AI score | 0.94428 EPSS
Exploits: 99 | References: 219

Hacker One
added 2020/10/26 9:23 p.m. | 17 views

Stripo Inc: Memory Dump and Env Disclosure via Spring Boot Actuator

Memory Dump and Env Disclosure via Spring Boot Actuator Spring boot actuator files/endpoints can be accessed via path like stripo.email/██████/actuator/, including a 110 MB heapdump file, which expose source code, private keys and some internal data! The maximum severity of this asset is medium, ...

1.9 AI score
Exploits: 0

CNVD
added 2020/10/12 12:0 a.m. | 1 views

SQL Injection Vulnerability in ERP-PRO

ERP-PRO is based on SpringBoot 2.X framework for small and medium-sized enterprises to build open source good ERP software. ERP-PRO suffers from SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information in the database...

7.6 AI score
Exploits: 0