CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
Design/Logic Flaw
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2022-32430
Lin CMS Spring Boot v0.2.1 has an access control flaw that allows unauthenticated attackers to access backend information and functions. The nuclei template and Red Hat/GHSA entries describe a hardcoded/default JWT token scenario enabling unauthorized access, potentially compromising backend admi...
PT-2022-21318 · Unknown · Lin-Cms Springboot
Name of the Vulnerable Software and Affected Versions: Lin CMS Spring Boot version 0.2.1 Description: An access control issue allows attackers to access the backend information and functions within the application. Recommendations: For Lin CMS Spring Boot version 0.2.1, consider restricting acces...
Lin CMS Spring Boot Security Vulnerability
Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...
Spring Tips: Kubernetes Native Java (Redux, 2022)
Hi, Spring fans! In this installment, Josh Long @starbuxman looks at some of the amazing opportunities for building Spring Boot applications intended for production in Kubernetes in mid 2022. The code, as usual, is available on the spring-tips Github organization...
GHSA-CM59-PR5Q-CW85 Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. The vulnerable method is used to create a work directory for embedd...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +14522 more potentially affected by CVE-2022-27772 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.2.10.RELEASE)
org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2022-27772 Source advisory: OSV:GHSA-CM59-PR5Q-CW85...
br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)
org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...
Mini-Tmall Security Vulnerability
Mini-Tmall is a Spring Boot-based mini-Tmall mall, fast deployment run, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall v1.0. An attacker exploits the vulnerability to perform an insecure privilege attack via tomcat-embed-jasper...
This Week in Spring - July 5th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's all sorts of weird for me. It's Tuesday! But here in the US we just celebrated the 4th of July, and I, like many Americans, took a long weekend. Took some time with the family to do a little road trip up north to...
This Week in Spring - June 28th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the Big Apple, New York City! I'm here for the SpringOne Tour 2022 NYC event. This is my first time back in New York City since before the pandemic and it has been so much fun. I've been catching up with...
Spring Tools 4.15.1 released
Dear Spring Community, I am happy to announce the 4.15.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia. fixes and improvements Spring Boot fixed: VScode incorrectly suggests removing @Autowired annotation from methods 787 Spring Boot fixed: VScode quick fix should not...
This Week in Spring - June 14th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just arrived in beautiful Berlin, Germany, for the forthcoming We Are Developers show with more than five thousand attendees. I was in Toronto, Canada, for the epic SpringOne Tour installment there. I've also had the...
This Week in Spring - June 7th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...
Apache Shiro < 1.8.0 Authentication Bypass
In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. © Tenable, Inc...
com.github.paulcwarren:content-rest-spring-boot-starter (=1.2.0), com.github.paulcwarren:spring-content-rest (=1.2.0) +18 more potentially affected by CVE-2021-22047 via org.springframework.data:spring-data-rest-core (>=3.4.0 <=3.4.13)
org.springframework.data:spring-data-rest-core MAVEN version =3.4.0, =1.5.0, =1.5.0, =1.5.0, =0.9.0, =0.3.0, =1.5.0, =2.4.0, =2.7.3, =2.7.3, =2.7.3, =2.7.3, =2.7.4 and more Source cves: CVE-2021-22047 Source advisory: OSV:GHSA-4926-QPXG-6R3W https://vulners.co...
Preparing for Spring Boot 3.0
Spring Boot 2.0 was the first release in the 2.x line and was published on February 28th 2018. We've just released Spring Boot 2.7 which means that, so far, we've been maintaining the 2.x line for just over 4 years. In total we've published 95 distinct releases over that timeframe! The entire Spring...