98 matches found
spring-expression: Denial of service via specially crafted SpEL expression
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...
Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb
Springcve-2022-22980 spring data mongodb remote code executio...
spring-expression: Denial of service via specially crafted SpEL expression
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...
GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...
CVE-2022-22980
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...
Spring Data MongoDB Security Vulnerability
Spring Framework is an open source Java and Java EE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Data MongoDB that stems from vulnerability to SpEL injection when using @Query or...
BSA-2022-1768
Security Advisory ID: BSA-2022-1768; Component: Spring Cloud; Revision: 1.0. In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...
DEBIAN-CVE-2022-22950
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
CVE-2022-22950
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
PT-2022-2029
Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions. Description: The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...
GHSA-GH38-X2WM-XMC8 Code injection in ShenYu
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Apache ShenYu Code Injection Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation of the United States. Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...
VMware Spring Cloud Netflix Code Injection Vulnerability
VMware Spring Cloud Netflix is a service from VMware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
Netflix Spinnaker Code Issue Vulnerability
Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...
Spring Data Commons Remote Code Execution Vulnerability
Spring Data is a project module in the Spring Framework that provides access to the underlying data; Spring Data Commons is a shared base module. A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEL expression...
Spring Boot Framework SPEL Expression Injection Vulnerability
Spring is a lightweight Java development framework. Spring Boot is a core subproject of Spring, which is designed to simplify the initial setup of new Spring applications and the development process. The Spring Boot Framework has a SPEL expression injection vulnerability. As the user adopts Spring Boot ...