CVE-2024-22233: Spring Framework server Web DoS Vulnerability

The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th includes a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...

Vulnerability fixed in VMware Tanzu Spring Framework

VMWare Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application uses of the...

VMware Spring Boot 3.1.7 / 3.2.1 DoS Vulnerability

VMware Spring Boot is prone to a denial of service DoS vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

Spring Tips: Spring Data JDBC

Hi, Spring fans! In this installment, Josh Long looks at the fantastic Spring Data JDBC project, which is one of the easiest and most powerful ways to leverage JDBC in a Spring Boot application...

Eva SQL Injection Vulnerability

Eva Eva is a coderd-repos open source based on SpringBoot, Mybatis Plus, open source backend management system project framework. Eva 1.0.0 version of the existence of SQL injection vulnerability , the vulnerability stems from /system/traceLog/page page SQL injection vulnerability...

This Week in Spring - January 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, com...

This Week in Spring - January 2nd, 2024

Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...

This Year in Spring - 2023

Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...

Design/Logic Flaw

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVE-2023-51650 Unauthorized access vulnerability on three interfaces

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVE-2023-51650 Unauthorized access vulnerability on three interfaces

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

Hertzbeat Security Vulnerabilities

Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1 that stems from a misconfiguration of Spring Boot permissions, resulting in unauthorized access vulnerabilities in three interfaces...

PT-2023-31868 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1 Description: Hertzbeat is an open source, real-time monitoring system. Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces, potentially resulting in the...

This Week in Spring - December 19th, 2023

Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! the Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5, are now available Spring AMQP 3.1.1 is now available Spring Security 5.8.9, 6.1.6, 6.2.1 are now available Spring for Apache Kakfa 3.1.1 is now available...

org.apache.dubbo:dubbo-spring-boot-actuator (=3.1.5), org.apache.dubbo:dubbo-spring-boot-actuator-compatible (=3.1.5) +5 more potentially affected by CVE-2023-46279 via org.apache.dubbo:dubbo (=3.1.5)

org.apache.dubbo:dubbo MAVEN version =3.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.dubbo:dubbo and may be impacted: - org.apache.dubbo:dubbo-spring-boot-actuator =3.1.5 - org.apache.dubbo:dubbo-spring-boot-actuator-compatible =3.1.5...

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update

Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.2 release security update

Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

IceCMS Security Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown part of /WebResource/resource in the Love Handler component...

IceCMS Information Disclosure Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...