CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

Design/Logic Flaw

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

CVE-2023-34055

CVE-2023-34055 concerns denial-of-service in Spring Boot when using Spring MVC/WebFlux and the actuator JAR on the classpath. Affected are Spring Boot versions 2.7.0–2.7.17, 3.0.0–3.0.12, and 3.1.0–3.1.5. The DoS condition arises from specially crafted HTTP requests; exploitation requires the aff...

CVE-2023-34055 Spring Boot server Web Observations DoS Vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

CVE-2023-34053 Spring Framework server Web Observations DoS Vulnerability

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

PT-2023-7931 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.7.0 through 2.7.17 Spring Boot versions 3.0.0 through 3.0.12 Spring Boot versions 3.1.0 through 3.1.5 Description: The issue is related to the Spring Boot framework, where an application can be vulnerable to a...

This Week in Spring - 28 November, 2023

Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...

VMware Spring Boot Security Vulnerability

VMware Spring Boot is a set of open source frameworks from VMware. A security vulnerability exists in VMware Spring Boot that originates from allowing an attacker to cause a denial of service DOS via a specially crafted HTTP request. Affected products and versions: Spring Boot versions 2.7.0...

CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities

Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...

app.cash.backfila:client-misk (>=2023.12.01.210510-f61f157 <=2025.09.02.174848-7b27340), app.cash.backfila:client-misk-hibernate (>=2023.12.01.210510-f61f157 <=2025.01.16.180443-b0fbc31) +1597 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.72)

org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =4.8.3, =1.4.0, =8.1.0.563, =1.1, =1.0.0, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.12 and more Source cves: CVE-2023-3320...

A Bootiful Podcast: iText Creator Bruno Lowagie

Hi, Spring fans! We're releasing Spring Boot 3.2 today! And it's Thanksgiving in the USA Happy Thanksgiving!. So, we wanted to celebrate with an amazing episode, and so today's guest is opensource legend Bruno Lowagie. Enjoy!...

Spring Tips: Spring Boot 3.2

Hi, Spring fans! In this installment of Spring Tips, I look at the new Spring Boot 3.2 release, due to drop today, the 23rd of November 2023! 23-11-23! We're diving into the cool new features of Spring Boot 3.2 and Java 21. We'll explore how virtual threads from Project Loom make your code run...

A Bootiful Podcast: Google Developer Advocate, Java legend, Alexis Moussine Pouchkine

Hi, Spring fans! Happy Thanksgiving to those who celebrate! Have you tried out Spring Boot 3.2? It comes out NEXT week on the 23rd! Get the bits and try them out now! This week I am joined by Google Developer Advocate, Java legend, Alexis Moussine Pouchkine...

VulnCheck KEV: CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this...

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

This Week in Spring - November 7th, 2023

Hi, Spring fans! Can you believe we've already turned the calendar page to November? Time sure is a swift developer, deploying months as if they were minor versions in an ever-evolving application. As we adjust our clocks to fall back, waving a reluctant goodbye to daylight savings time, the...

SSL hot reload in Spring Boot 3.2.0

In Spring Boot 3.2.0, we're adding the ability for embedded web servers to hot-reload SSL certificates and keys. That means you can rotate your SSL trust material without restarting your application. Hot reloading is supported for Tomcat and Netty embedded web servers. Let's see that in action!...

IceCMS Cross-Site Request Forgery Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...

IceCMS 跨站请求伪造漏洞

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...