1241 matches found
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15299 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.2.0 <=6.2.6)
org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2024-38820, CVE-2025-22233 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10176071...
This Week in Spring - May 13th, 2025
Hi, Spring fans! As I write this, I'm at the amazing Code Remix event in Miami, well, technically Tampa, Florida. I'll also be speaking at the Tampa JUG while I'm there, so look out! After that, I'll be headed back to Europe—a wee bit further north this time—to Stockholm for the amazing JForum...
Spring gRPC Promoted!
It's a few months since we had a blog about Spring gRPC that wasn't just a release announcement. This one marks the first release since the project was promoted from experimental to a full member of the Spring Portfolio. This doesn't change the way you consume the project, but it has some...
kkFileView Code Issue Vulnerability
kkFileView is a general-purpose online file preview project based on Spring Boot, open-sourced by Kaijing Technology (kekingcn). kkFileView version 4.4.0 has a code issue vulnerability, which stems from improper handling of the File parameter in file/fileUpload, leading to arbitrary file...
CVE-2025-4511
The CVE-2025-4511 entry concerns vector4wang spring-boot-quick up to 20250422, affecting the quick-img2txt component. The vulnerability targets the Img2TxtController.java (ResponseEntity usage) and enables path traversal. Exploitation appears remote and public disclosures exist; vendor did not re...
CVE-2025-4511 vector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversal
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. Th...
spring-boot-quick Path Traversal Vulnerability
spring-boot-quick is a quick-learning example framework based on Spring Boot by individual developer wangxc. A path traversal vulnerability exists in spring-boot-quick 20250422 and earlier versions, which stems from vulnerability to path traversal attacks...
PT-2025-20637 · Vector4Wang · Spring-Boot-Quick
Name of the Vulnerable Software and Affected Versions: vector4wang spring-boot-quick up to 20250422 Description: A critical issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component...
Missing Authorization
org.springframework.boot is vulnerable to Missing Authorization. The vulnerability is due to incorrect request matching caused by EndpointRequest.to creating a matcher for null/ when the targeted actuator endpoint is disabled or not exposed, which allows unprotected access to the /null path...
This Week in Spring - May 6th, 2025
Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175
CVE-2025-4175 affects AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. The vulnerability is in the function uploadUserProfileImage of the file UserProfileController.java within the Upload Profile API Endpoint. Manipulation of the File argument leads to a path traversal, enabling a remote at...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
PT-2025-18711 · Alanbinu007 · Spring-Boot-Advanced-Projects
Name of the Vulnerable Software and Affected Versions: AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3 Description: A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file...
Spring-Boot-Advanced-Projects Path Traversal Vulnerability
Spring-Boot-Advanced-Projects is a Spring Boot application by Alan Binu, an individual developer. A path traversal vulnerability exists in Spring-Boot-Advanced-Projects 3.1.3 and earlier versions, which stems from an incorrect operation of the file upload feature that results in path traversal...
ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3035 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)
org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +38874 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.2)
org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
ai.djl.spring:djl-spring-boot-starter-autoconfigure (=0.26), ai.djl.spring:djl-spring-boot-starter-mxnet-auto (=0.26) +4388 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.2.0 <=3.2.12)
org.springframework.boot:spring-boot MAVEN version =3.2.0, =1.5.0, =1.5.0, =0.0.1, =7.0.0, =0.25.7-rc.1, =0.8.0.BETA, =1.0.2, =1.0.6 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7659 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.17.0, =1.17.0, =1.17.0, =1.21.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...