NVD
added 2023/07/14 5:15 a.m. · 9 views

CVE-2023-38286

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...

CVSS 7.5 · EPSS 0.00147
Exploits 1 · References 1

OSV
added 2023/07/14 5:15 a.m. · 31 views

CVE-2023-38286

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 1

Prion
added 2023/07/14 5:15 a.m. · 19 views

Design/Logic Flaw

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...

CVSS 4.6 · AI score 7.9 · EPSS 0.00147
Exploits 1 · References 1 · Affected Software 2

Vulnrichment
added 2023/07/14 12:00 a.m. · 14 views

CVE-2023-38286

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...

AI score 7.4 · EPSS 0.00147
Exploits 1 · References 1

CVE
added 2023/07/14 12:00 a.m. · 68 views

CVE-2023-38286

Thymeleaf 3.1.1.RELEASE (used in Spring Boot Admin up to 3.1.1) is affected by a sandbox bypass via crafted HTML, enabling potential SSTI and code execution if MailNotifier is enabled with write access to environment variables in the UI. Affected products: Thymeleaf 3.1.1.RELEASE and Spring Boot ...

CVSS 7.5 · AI score 7.8 · EPSS 0.00147
Exploits 1 · References 1 · Affected Software 2

Positive Technologies
added 2023/07/14 12:00 a.m. · 6 views

PT-2023-26346 · Thymeleaf +1

Name of the Vulnerable Software and Affected Versions: Thymeleaf versions 3.1.1.RELEASE and earlier; spring-boot-admin versions 3.1.1 and earlier. Description: The issue allows for a sandbox bypass via crafted HTML, which may be relevant for Server Side Template Injection SSTI and code execution in...

CVSS 7.5 · AI score 7.9 · EPSS 0.00147
Exploits 1 · References 12

Cvelist
added 2023/07/14 12:00 a.m. · 16 views

CVE-2023-38286

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...

AI score 8 · EPSS 0.00147
Exploits 1 · References 1

Spring Engineering
added 2023/07/13 12:00 a.m. · 11 views

A Bootiful Podcast: Spring Framework and Spring Boot legend Stéphane Nicoll on a Bootiful Podcast

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long talks to Spring team legend Stéphane Nicoll @snicoll about Spring Boot, Apache Maven and Gradle, his journey to the Spring team, and so much more. This episode was recorded live from beautiful...

AI score 6.8
Exploits 0

IBM Security Bulletins
added 2023/07/12 9:33 p.m. · 47 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot (CVE-2023-20873)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot, caused by a flaw with wildcard pattern matching when deployed on Cloud Foundry CVE-2023-20873. VMware Tanzu Spring Boot is used as part of our Speech...

CVSS 9.8 · AI score 9.2 · EPSS 0.00446
Exploits 0 · Affected Software 1

Spring Engineering
added 2023/07/11 12:00 a.m. · 17 views

This Week in Spring - July 11th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in yummy, sunny Jakarta, Indonesia at the moment, preparing for a week of meetings and the SpringOne Tour Indonesia event later this week. I'll also be speaking in Kuala Lumpur, Malaysia on July 20th, 2023 . If you're in...

AI score 7
Exploits 0

RedHat Linux
added 2023/06/29 8:07 p.m. · 42 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

CVSS 9.8 · AI score 7.2 · EPSS 0.56284
Exploits 17 · References 32

RedHat Linux
added 2023/06/29 8:07 p.m. · 2 views

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

CVSS 7.5 · AI score 7.3 · EPSS 0.0069
Exploits 0 · References 4

IBM Security Bulletins
added 2023/06/28 9:02 p.m. · 30 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in VMware Tanzu Spring Boot

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Boot. Vulnerability Details CVEID:CVE-2023-20873 DESCRIPTION: VMware Tanzu Spring Boot could allow a remote attacker to bypass security restrictions, caused by a flaw with wildca...

CVSS 9.8 · AI score 8.4 · EPSS 0.0069
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/06/27 11:49 a.m. · 35 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining. CVE-2023-20873

Summary There is a vulnerability in Spring Boot that could allow a remote attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20873...

CVSS 9.8 · AI score 9.3 · EPSS 0.00446
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/06/27 10:59 a.m. · 39 views

Security Bulletin: Vulnerability in Spring Boot affects IBM Process Mining. CVE-2023-20883

Summary There is a vulnerability in Spring Boot that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20883...

CVSS 7.5 · AI score 8.4 · EPSS 0.0069
Exploits 0 · Affected Software 1

Spring Engineering
added 2023/06/27 12:00 a.m. · 14 views

This Week in Spring - June 27th, 2023

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I am in Seoul talking to developers about the latest-and-greatest in Spring Boot 3! There's so much great stuff coming, and so much great stuff already. There are a few things I'm super excited about. First, yesterda...

AI score 6.5
Exploits 0

Spring Engineering
added 2023/06/27 12:00 a.m. · 35 views

Using Spring for GraphQL with Spring Data Neo4j

Introduction This is a guest blog post by Gerrit Meier from Neo4j who maintains the Spring Data Neo4j module. A few weeks ago version 1.2.0 of Spring for GraphQL was released with a bunch of new features. This also includes even better integration with Spring Data modules. Motivated by those...

AI score 6.5
Exploits 0

Spring Engineering
added 2023/06/23 12:00 a.m. · 16 views

Improved Testcontainers Support in Spring Boot 3.1

There's been support for Testcontainers in Spring Boot for some time now, and Spring Boot 3.1 improves it further. But first, let's take a look at what Testcontainers is and how it's usually used. Testcontainers is an open source framework for providing throwaway, lightweight instances of...

AI score 7.1
Exploits 0

RedHat Linux
added 2023/06/21 2:32 p.m. · 50 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update

Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 · AI score 6.7 · EPSS 0.0069
Exploits 1 · References 4

RedHat Linux
added 2023/06/21 2:32 p.m. · 1 view

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

CVSS 7.5 · AI score 7.3 · EPSS 0.0069
Exploits 0 · References 4