1242 matches found
spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Pivotal Spring Boot Elevation of Privilege Vulnerability
Pivotal Spring Boot is the U.S. Pivotal Software, Inc. of a new framework used to simplify the initial setup of new Spring applications as well as the development process. A security vulnerability exists in Pivotal Spring Boot versions 1.5.0 through 1.5.9 and 2.0.0.M1 through 2.0.0.M7. An attacke...
CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
CVE-2018-1196
The CVE-2018-1196 issue affects Spring Boot when using the embedded launch script to run as a systemd/init.d service. The root cause is a symlink attack on the run_user, enabling overwriting/taking ownership of files on the same system if the app is installed as a service and the run_user has she...
CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Spring data rest 远程代码执行(cve-2017-8046)
漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器,使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制,编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本: Spring...
CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
Symlink Privilege Escalation
spring-boot-loader-tools is vulnerable to symlink privilege escalation attacks. The runuser can overwrite and take over ownership of any file on the system by using a symlink attack. The application must be installed as a service and the runuser must have shell access in order to successfully...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Code injection
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-8046
CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. Recent assessments: Assessed Attacker Value: 0...
Privilege Escalation
keycloak-spring-boot-adapter is susceptible to privilege escalation attacks. It is due to a flaw in the loop of KeycloakSpringBootConfiguration.java, granting admin access to normal user instead of using the security constraints as intended when Tomcat is used for Spring...
Spring Boot Framework SPEL Expression Injection Vulnerability
Spring is a lightweight Java development framework . Spring Boot is a core subproject of Spring , which is designed to simplify the initial setup of new Spring applications and the development process . Spring Boot Framework SPEL Expression Injection Vulnerability. As the user adopts Spring Boot ...