CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

CVE-2021-22047

CVE-2021-22047 affects Spring Data REST: HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are exposed under URIs that may be accessible without authorization, depending on Spring Security configuration.impact is describe...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in Spring Data REST that stems from the additional disclosure of HTTP resources under the uri for custom controller...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Based on the provided code and metadata, here is a description of the repository and its contents: Repository: This repository appears to be a Maven wrapper for the Apache Maven project, specifically version 3.5.3. The repository contains metadata and configuration files for the Maven wrapper,...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Zhengjim - 漏洞复现 搭漏洞环境是一个繁琐的事情，这里记录下自己学习搭各种环境的记录。部分利用Vulhub一个面向大众的开源漏洞靶场，来搭建漏洞环境，比较方便。（主要懒！） 漏洞 1. S2-057命令执行漏洞 2. ghostscript命令执行漏洞 3. weblogic反序列化漏洞CVE-2018-2628 4. Elasticsearch-Kibana本地包含漏洞CVE-2018-17246 5. ThinkPHP5.x版本命令执行漏洞 6. WordPressRESTAPI内容注入漏洞 7. Git漏洞允许任意代码执行CVE-2018-17456 8. Apache...

spring-data-jpa: Additional information exposure with Spring Data JPA derived queries

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update

A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Important: Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update

A minor version update from 7.5 to 7.6 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

Spring Data JPA Installed

Binary data pivotalsoftwarespringdatajpainstalled.nbin...

Spring Data REST Installed

Binary data pivotalsoftwarespringdatarestinstalled.nbin...

Spring Data Commons Installed

Binary data pivotalsoftwarespringdatacommonsinstalled.nbin...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2019-3802

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +493 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.21.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-XGGX-FX6W-V7CH...

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +1138 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.1.7.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.21 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-derby =2.0 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-h2 =2.0 -...

GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +690 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.7.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.1, =0.0.8 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-X...

Design/Logic Flaw

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...