UBUNTU-CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 5.3.0 through 5.3.38, which stems from the possibility that a user may supp...

OSV-2024-1018 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67071 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa...

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2024-7271 · Spring +1 · Spring Framework +1

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.38 Spring Framework older unsupported versions Description: The issue is related to the Spring Expression Language SpEL in Spring Framework. It is possible for a user to provide a specially crafted...

DataGear Security Breach

DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...

GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

VulnCheck KEV: CVE-2024-28254

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

OpenMetadata Security Vulnerabilities

OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.3.1 that stems from a SpEL injection vulnerability in PUT...

OpenMetadata Security Vulnerabilities

OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4 that stems from a SpEL injection vulnerability in PUT...

OpenMetadata Security Vulnerabilities

OpenMetadata is OpenMetadata open source a unified discovery, observability and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4, which stems from a SpEL injection...

PT-2024-3066 · Unknown · Openmetadata

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4 Description: The issue is related to the CompiledRule::validateExpression method, which evaluates an SpEL expression using a StandardEvaluationContext. This allows the expression to interact with Java...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

PT-2023-35623 · Spring · Spring

Name of the Vulnerable Software and Affected Versions: Spring versions affected versions not specified Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...