98 matches found
Apache Ambari 安全漏洞
Apache Ambari is an application from the Apache USA Foundation. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari, which originates from a SpringEL injection in the metrics source and...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
OSV-2023-517 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60112 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/sun.reflect.generics.reflectiveObjects.TypeVariableImpl.hashCode java.base/java.util.Arrays.hashCode...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
Denial Of Service (DoS)
Spring Expression Language is vulnerable to Denial Of Service DoS. The vulnerability exists in the doParseExpression function of InternalSpelExpressionParser.java because the SpEL expression length is not restricted which allows an attacker to cause an application crash...
GHSA-WXQC-PXW9-G2P8 Spring Framework vulnerable to denial of service
In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial-of-service DoS condition...
DEBIAN-CVE-2023-20863
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...
UBUNTU-CVE-2023-20863
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...
DEBIAN-CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...
PT-2023-2099 · Spring +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.0.RELEASE through 5.2.22.RELEASE Spring Framework versions 5.3.0 through 5.3.25 Spring Framework versions 6.0.0 through 6.0.6 Description: The issue is related to unlimited resource distribution in the Spring...
Spring Framework 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 6.0.0 through 6.0.6, 5.3.0 through 5.3.25, 5.2.0 through 5.2.22, and...
Nepxion 安全漏洞
Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...
PT-2022-16005 · Nepxion · Nepxion Discovery
Name of the Vulnerable Software and Affected Versions: Nepxion Discovery affected versions not specified Description: The issue is related to SpEL Injection in discovery-commons, where the DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext. This allow...
VulnCheck KEV: CVE-2022-22963
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...
Expression Language Injection
Expression Language EL has been defined as part of the Java Server Pages Standard Tag Library JSTL in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...
spring-expression: Denial of service via specially crafted SpEL expression
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...