Lucene search

1241 matches found

Cvelist
added 2023/05/11 12:0 a.m. · 13 views

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

5.6 AI score · 0.00369 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/05/11 12:0 a.m. · 2 views

PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview

Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview version 0.2.13 Description: The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to...

5.3 CVSS · 6.5 AI score · 0.00369 EPSS
Exploits 0 · References 6

CVE
added 2023/05/11 12:0 a.m. · 53 views

CVE-2023-29986

CVE-2023-29986 affects spring-boot-actuator-logview 0.2.13. The vulnerability is a Directory Traversal through LogViewEndpoint.view, enabling access to files outside the intended directory due to insufficient input validation. Documents indicate risk is a filesystem path traversal to sibling dire...

5.3 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2023/05/03 2:5 p.m. · 45 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update

Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8 CVSS · 7.2 AI score · 0.70144 EPSS
Exploits 17 · References 37

RedHat Linux
added 2023/05/03 2:5 p.m. · 45 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 1 security update

A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score,...

7.5 CVSS · 6.6 AI score · 0.01183 EPSS
Exploits 1 · References 4

OSSF Malicious Packages
added 2023/05/03 1:31 a.m. · 3 views

Malicious code in spring-boot-admin-virgil-custom-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3bf8c73b2a5a04555aa1692341d9861a37ad32f428b123c88751322e74c66d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0 · References 3

OSV
added 2023/05/03 1:30 a.m. · 11 views

MAL-2023-1337 Malicious code in virgil-spring-boot-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1d7b81762635da58744d7567d3ac4b1bf12da5d3c72070a9d2260d40463fcdbb The OpenSSF Package Analysis project identified 'virgil-spring-boot-starter' @ 20.0.0 npm as malicious. It is considered malicious because: - Th...

7.1 AI score
Exploits 0

CNNVD
added 2023/05/01 12:0 a.m. · 2 views

forum-java cross-site scripting vulnerability

forum-java is a modern community forum / Q&A / BBS / social network / blog system platform implemented in Java Spring Boot by the individual Chinese developer Qbian. A security vulnerability exists in Qbian61 forum-java, which stems from a cross-site scripting (XSS) vulnerability that allows an...

6.1 CVSS · 6.1 AI score · 0.00218 EPSS
Exploits 1 · References 2

CNNVD
added 2023/05/01 12:0 a.m. · 2 views

my-site cross-site scripting vulnerability

my-site is a personal website developed on springboot2.0 by the individual developer WinterChenS, integrating a personal home page, personal blog, and personal works. WinterChenS my-site has a security vulnerability that stems from the presence of a cross-site scripting (XSS) vulnerability that allo...

5.4 CVSS · 5.4 AI score · 0.0051 EPSS
Exploits 1 · References 2

CNNVD
added 2023/05/01 12:0 a.m. · 3 views

My-Blog cross-site scripting vulnerability

My-Blog is a Java blog system implemented with SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A security vulnerability exists in ZHENFENG13 My-Blog, which stems from the presence of a cross-site scripting (XSS)...

5.4 CVSS · 5.6 AI score · 0.00548 EPSS
Exploits 2 · References 2

Veracode
added 2023/04/27 10:39 a.m. · 78 views

Access Restriction Bypass

org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wild card matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...

9.8 CVSS · 9 AI score · 0.00446 EPSS
Exploits 0 · References 6 · Affected Software 1

OpenVAS
added 2023/04/24 12:0 a.m. · 24 views

VMware Spring Boot < 2.7.11, 3.0.x < 3.0.6 Security Bypass Vulnerability

VMware Spring Boot is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot...

9.8 CVSS · 9.4 AI score · 0.00446 EPSS
Exploits 0 · References 3

GithubExploit
added 2023/04/21 9:27 a.m. · 757 views

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 jmreport/qurestSql – Unauthorized SQL inject...

9.8 CVSS · 6.9 AI score · 0.93399 EPSS
Exploits 3

OSV
added 2023/04/20 9:33 p.m. · 2 views

GHSA-G5H3-W546-PJ7F Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits 0 · References 11

vulnersOsv
added 2023/04/20 9:33 p.m. · 4 views

ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5078 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...

9.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits 0

vulnersOsv
added 2023/04/20 9:33 p.m. · 2 views

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +825 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...

9.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits 0

vulnersOsv
added 2023/04/20 9:33 p.m. · 3 views

cc.zhaoac:faith-core-boot (>=1.0.0 <=1.0.1), cc.zhaoac:faith-core-launch (>=1.0.0 <=1.0.1) +1019 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=2.7.10)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - cc.zhaoac:faith-tool-boot =1.1.0 - cc.zhaoac:faith-tool-common =1.1.0 - cc.zhaoac:faith-tool-launch =1.1.0 - cc.zhaoac:faith-tool-log =1.1.0 -...

9.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits 0

vulnersOsv
added 2023/04/20 9:33 p.m. · 2 views

cc.vihackerframework:vihacker-auth-starter (=1.0.8.R), cc.vihackerframework:vihacker-common-starter (=1.0.8.R) +786 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.0.5)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.4.0 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W546-PJ7F...

9.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits 0

Github Security Blog
added 2023/04/20 9:33 p.m. · 233 views

Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8 CVSS · 6 AI score · 0.00446 EPSS
Exploits 0 · References 11 · Affected Software 1

OSV
added 2023/04/20 9:15 p.m. · 27 views

CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8 CVSS · 9.6 AI score · 0.00446 EPSS
Exploits 0 · References 3