Lucene search

1241 matches found

NVD
added 2023/04/20 9:15 p.m. | 18 views

CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

CVSS 9.8 | AI score 9.4 | EPSS 0.00446
Exploits: 0 | References: 3

Prion
added 2023/04/20 9:15 p.m. | 25 views

Security feature bypass

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

CVSS 7.5 | AI score 9.2 | EPSS 0.00446
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/04/20 12:00 a.m. | 23 views

CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

AI score 9.5 | EPSS 0.00446
Exploits: 0 | References: 3

CVE
added 2023/04/20 12:00 a.m. | 234 views

CVE-2023-20873

CVE-2023-20873 affects VMware Tanzu Spring Boot deployed in Cloud Foundry, enabling a security bypass due to a wildcard pattern matching flaw in Spring Boot’s access controls. Public references in the CVE describe impact on VMware Tanzu Spring Boot and related IBM deployments, with remediation th...

CVSS 9.8 | AI score 9.2 | EPSS 0.00446
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/04/20 12:00 a.m. | 3 views

Spring Framework Security Vulnerability

Spring Framework is an open source Java and Java EE application framework from the U.S.-based Spring team. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...

CVSS 9.8 | AI score 8 | EPSS 0.00446
Exploits: 0 | References: 6

Vulnrichment
added 2023/04/20 12:00 a.m. | 8 views

CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

AI score 9.4 | EPSS 0.00446
Exploits: 0 | References: 3

Positive Technologies
added 2023/04/20 12:00 a.m. | 1 view

PT-2023-17684 · Unknown · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 3.0.0 through 3.0.5 Spring Boot versions 2.7.0 through 2.7.10 Spring Boot older unsupported versions Description: An application that is deployed to Cloud Foundry could be susceptible to a security bypass. Recommendations...

CVSS 9.8 | AI score 8.3 | EPSS 0.00446
Exploits: 0 | References: 20

Spring Engineering
added 2023/04/18 12:00 a.m. | 7 views

This Week in Spring - April 18th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...

AI score 6.6
Exploits: 0

Spring Engineering
added 2023/04/13 12:00 a.m. | 10 views

A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without compromising on things like...

AI score 6.7
Exploits: 0

Spring Engineering
added 2023/04/06 12:00 a.m. | 21 views

A Bootiful Podcast: José Paumard, Java Champion alumnus and Java legend, on Project Loom, Valhalla, and more, from Devnexus 2023!

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast. In this installment I'll talk to legendary Oracle Java Champion alumnus, Java advocate, professor emeritus, and all around amiable fellow José Paumard, recorded at the amazing Devnexus 2023 event! José's English-language Youtu...

AI score 6.5
Exploits: 0

Spring Engineering
added 2023/03/30 12:00 a.m. | 13 views

A Bootiful Podcast: Spring Integration lead Artem Bilan on the latest in Spring Integration 6

Hi, Spring fans! In this installment Josh Long @starbuxman talks to Spring Integration lead Artem Bilan @artembilan about the latest and greatest in Spring Integration. Spring Integration makes it easier to connect an increasingly larger ecosystem of disparate services and systems. SHOW NOTES: I...

AI score 6.5
Exploits: 0

Spring Engineering
added 2023/03/28 12:00 a.m. | 9 views

This Week in Spring - March 28th, 202

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm reporting to you from Los Angeles, where my family and I have gone for my daughter's spring break. We're going to survey some prospective colleges and we're going to Disneyland. Needless to say, I'm doubly glad to have al...

AI score 6.4
Exploits: 0

Spring Engineering
added 2023/03/27 12:00 a.m. | 22 views

Context Propagation with Project Reactor 1 - The Basics

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Boot 3 and Spring Framework 6 brought us a unified and consistent way to enable Observability in applications that use Micrometer. The evolution from...

AI score 6.6
Exploits: 0

Spring Engineering
added 2023/03/23 12:00 a.m. | 17 views

A Bootiful Podcast: Mark Thomas, Apache Tomcat contributor extraordinaire

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long talks to longtime Apache Tomcat contributor extraordinaire Mark Thomas. I wrote a free white paper on using Spring Boot 3 AOT and GraalVM. Learn the secrets to working with Spring Boot 3 and Graal...

AI score 6.8
Exploits: 0

Spring Engineering
added 2023/03/21 12:00 a.m. | 92 views

This Week in Spring - March 21st, 2023

Hi, Spring fans! Welcome to another rip roaring installment of This Week in Spring! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course, is just another amazing installment before Java 21, which comes out in six short months, includin...

AI score 6.6 | EPSS 0.56284
Exploits: 1

Spring Engineering
added 2023/03/20 12:00 a.m. | 22 views

Spring Tips: Vaadin Flow and Spring Boot 3

Hi, Spring fans! In this installment, we'll look at the fantastic Vaadin Flow library, which has recently been updated for Spring Boot 3, and how it can help you be happier. The code is available, as usual, here. This episode features special guest Marcus Hellberg, VP developer relations from...

AI score 1.2
Exploits: 0

Spring Engineering
added 2023/03/16 12:00 a.m. | 15 views

A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine on the latest and greatest in 2023

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long @starbuxman talks to Spring Batch lead Mahmoud Ben Hassine @FMBENHASSINE about the latest and greatest in Spring Batch. notes Submit your talk to SpringOne@Explore, being held August 21-24, 2023,...

AI score 0.6
Exploits: 0

CNNVD
added 2023/03/13 12:00 a.m. | 1 view

My-Blog Cross-Site Scripting Vulnerability

My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. My-Blog has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service via the...

CVSS 6.1 | AI score 6.3 | EPSS 0.00218
Exploits: 1 | References: 2

vulnersOsv
added 2023/03/08 12:30 p.m. | 3 views

cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +37 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.12)

org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.chinagoods.framework.thinkcloud:think-cloud-starter-business =3.1.7.RELEASE - com.chinagoods.framework.thinkcloud:think-cloud-starter-controller =3.1.7.RELEASE -...

CVSS 9.8 | AI score 7.2 | EPSS 0.50291
Exploits: 3

vulnersOsv
added 2023/03/08 12:30 p.m. | 2 views

cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +102 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.21)

org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2023-23638 Source advisory: OSV:GHSA-933G-V89R-X8...

CVSS 9.8 | AI score 7.2 | EPSS 0.50291
Exploits: 3