ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), ai.hyacinth.framework:core-service-gateway-server (=0.5.0) +1506 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...

Spring Boot Actuator Command Execution Vulnerability

Actuators are one of the four main features proposed in Spring Boot to simplify Spring development. A command execution vulnerability exists in Spring Boot Actuator, which can be exploited by an attacker to execute arbitrary commands by constructing a malicious request...

Spring Boot Actuator Module Command Execution Vulnerability

Spring Boot Acuatorr can help you monitor and manage your Spring Boot applications, such as health checks, auditing, statistics and HTTP tracing. A command execution vulnerability exists in the Spring Boot Actuator module. The vulnerability is realized by using JNDI through Spring Boot Actuator's...

br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +284 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.4.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =1.0.0, =1.0.6, =1.0.6, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...

com.github.chrisgleissner:spring-batch-rest-api (>=1.0.3 <=1.2.7), com.github.chrisgleissner:spring-batch-rest-example (>=1.0.3 <=1.2.7) +7 more potentially affected by CVE-2019-3774 via org.springframework.batch:spring-batch-core (=4.1.0.RELEASE)

org.springframework.batch:spring-batch-core MAVEN version =4.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.batch:spring-batch-core and may be impacted: - com.github.chrisgleissner:spring-batch-rest-api =1.0.3, =1.0.3,...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-14721 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-14721 Source advisory: OSV:GHSA-9MXF-G3X6-WV74...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-19360 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-19360 Source advisory: OSV:GHSA-F9HV-MG5H-XCW9...

com.microsoft.azure:azure-active-directory-b2c-spring-boot-starter (>=2.1.4.M1 <=2.1.6.M2), com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.1.0 <=2.1.0) +4 more potentially affected by CVE-2018-15801 via org.springframework.security:spring-security-oauth2-jose (>=5.1.10.RELEASE <=5.1.1.RELEASE)

org.springframework.security:spring-security-oauth2-jose MAVEN version =5.1.10.RELEASE, =2.1.4.M1, =1.1.0, =1.2.0, =1.2.0, =2.1.0.RELEASE, =2.1.0.RELEASE, =2.1.18.RELEASE Source cves: CVE-2018-15801 Source advisory: OSV:GHSA-27XW-P8V6-9JJR...

Arbitrary Password Reset Vulnerability in Ruoyi Management System

Ruoyi management system is a SpringBoot2.0 based on the use of Spring, MyBatis, Shiro rights management system . Ruoyi Management System has an arbitrary password reset vulnerability that can be exploited by an attacker to reset any user's password...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

Denial of service

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756 DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

GHSA-XX65-CC7G-9PFP Moderate severity vulnerability that affects org.springframework.boot:spring-boot

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

Moderate severity vulnerability that affects org.springframework.boot:spring-boot

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

com.github.microwww:mocker-redis-spring-boot-autoconfigure (>=0.0.1 <=3.0.0), com.github.microwww:mocker-redis-spring-boot-starter (>=0.0.1 <=3.0.2-2.8) +79 more potentially affected by CVE-2018-1196 via org.springframework.boot:spring-boot (=1.5.0.RELEASE)

org.springframework.boot:spring-boot MAVEN version =1.5.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.boot:spring-boot and may be impacted: - com.github.microwww:mocker-redis-spring-boot-autoconfigure =0.0.1, =0.0.1,...

Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot 1.5.16 update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

br.com.thiaguten:umbrella-monitoring (>=0.1.0 <=0.1.1), cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28) +7 more potentially affected by CVE-2018-15531 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.73.1)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.1.0, =0.0.4, =1.57.0, =1.64.0, =1.5.7.0, =1.10.0, =2.0.0, =2.0.0, =2.0.1 - uk.ac.ebi.interpro.scan:server =5.36-75.0 Source cves: CVE-2018-15531 Source advisory: OSV:GHSA-6FVX-R7HX-3VH6...

cn.youweisoft:sparrow-permission (>=1.4.0 <=1.6.0), com.bucket4j:bucket4j-ignite (>=7.6.1 <=8.10.1) +267 more potentially affected by CVE-2018-8018 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.5.0)

org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =1.4.0, =7.6.1, =8.11.0, =8.11.0, =8.0.0, =1.0.0, =3.0.0-beta1, =0.1.2, =1.5.1, =2.0, =0.0.1, =1.1.0 - com.github.itzmedinesh:micro-cache-grid =1.0.0 and more Source cves: CVE-2018-8018 Source advisory: OSV:GHSA-QCJV-WFCG-MMPR...