1242 matches found
Low: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.10 security update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Unauthorized Access Vulnerability in Huaxia ERP
Huaxia ERP, based on the SpringBoot framework, aspires to provide small and medium-sized enterprises with good open source ERP software, currently focusing on sales and inventory + financial functions. Huaxia ERP has an unauthorized access vulnerability that can be exploited by attackers to...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6.SP2 security update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
SQL Injection Vulnerability in Mini-Tmall Framework Front and Backend
Mini Tmall is a Spring Boot-based integrated B2C e-commerce platform whose requirements and design mainly follow the Tmall shopping process: users start from registration, complete the login, browse the products, add to a shopping cart, place an order, confirm receipt, evaluation...
Unauthorized Access Vulnerability in JeewxBoot of Beijing National Torch Information Technology Co.
JeewxBoot is a SpringBoot-based open source WeChat housekeeper system, using SpringBoot2.1.3 Mybatis + Velocity framework technology. Beijing State Torch Information Technology Co. JeewxBoot has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive informati...
cn.strongculture:prometheus-spring-boot-starter (=1.0.0), com.buession.springcloud.stream:buession-springcloud-stream-core (>=2.2.1 <=2.3.3) +105 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)
org.springframework.integration:spring-integration-core MAVEN version =5.3.0.RELEASE, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.15 security and bug fix update
An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution (RCE), privilege escalation, and data exfiltration. The repository includes...
Engel & Völkers Technology GmbH: Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com
Summary: The Spring Boot Actuators are exposing critical information on gonext-stage.engelvoelkers.com such as the last 100 HTTP requests made to the server including cookies, paths, etc., and the environment configuration. The endpoints are the following: - /trace - /env - /mappings - /configprops...
am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...
ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2637 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.15.RELEASE)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
XSS Vulnerability in My-Blog-layui
My-Blog-layui is a Java blog system built with SpringBoot + Layui + Mybatis + Thymeleaf and other technologies. My-Blog-layui has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...
GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints
This bug was reported directly to GitHub Security Lab...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.12 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing
GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secre...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6330 more potentially affected by CVE-2020-9547 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.5)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2020-9547 Source advisory: OSV:GHSA-Q93H-JC49-78GG...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6330 more potentially affected by CVE-2020-9548 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.5)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2020-9548 Source advisory: OSV:GHSA-P43X-XFJF-5JHR...
Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution
Pivotal Spring Boot is a Java framework designed to help developers create minimal Spring-based applications. Spring applications provide the Spring Expression Language (SpEL), which is a powerful expression language for querying and manipulating an object graph at runtime. Spring Boot versions belo...