1879 matches found

Tenable Nessus
added 2023/10/20 12:0 a.m. · 33 views

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cau...

9.6 CVSS · 7.1 AI score · 0.1005 EPSS
Exploits 6 · References 7

Tenable Nessus
added 2023/10/19 12:0 a.m. · 39 views

Oracle MySQL Enterprise Monitor (October 2023 CPU)

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Struts. Supported versions...

9.8 CVSS · 6.7 AI score · 0.05972 EPSS
Exploits 1 · References 7

Spring Security Advisories
added 2023/10/17 12:0 a.m. · 15 views

This Week in Spring - October 17th, 2023

Hi, Spring fans! Welcome to yet another installment of This Week in Spring! It's October 17th, 2023, and I am here in Montreal, Canada, and then I'm off to Salt Lake City, Utah on Thursday for the Java User Group there. Don't miss it! We've got a lot to cover this week so let's dive right into it...

6.8 AI score
Exploits 0

Spring Security Advisories
added 2023/10/16 12:0 a.m. · 18 views

Runtime efficiency with Spring (today and tomorrow)

With Spring Framework 6.1 and Spring Boot 3.2 general availability approaching, we would like to share an overview about several efforts the Spring team is pursuing to allow developers to optimize the runtime efficiency of their applications. We are going to cover the following technologies and u...

6.6 AI score
Exploits 0

IBM Security Bulletins
added 2023/10/05 8:36 p.m. · 54 views

Security Bulletin: IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation

Summary: IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation. Vulnerability Details: CVEID: CVE-2023-20861. DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression,...

6.5 CVSS · 7.1 AI score · 0.01122 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/10/05 8:34 p.m. · 65 views

Security Bulletin: IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service

Summary: IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2023-20861. DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit thi...

6.5 CVSS · 7.1 AI score · 0.01122 EPSS
Exploits 1 · Affected Software 1

BDU FSTEC
added 2023/10/05 12:0 a.m. · 3 views

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

6.8 CVSS · 7 AI score · 0.02931 EPSS
Exploits 0 · References 5 · Affected Software 7

IBM Security Bulletins
added 2023/09/29 10:57 p.m. · 43 views

Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities

Summary: A vulnerability contained within OpenSSL was addressed in the IBM MaaS360 Cloud Extender VPN Module. Vulnerabilities contained within Spring Framework and Eclipse Jetty, a 3rd party component, were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG). Vulnerability Details...

6.5 CVSS · 6.9 AI score · 0.77901 EPSS
Exploits 0 · Affected Software 1

Amazon
added 2023/09/25 12:0 a.m. · 9 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

9.8 CVSS · 7 AI score · 0.99677 EPSS
Exploits 105

Spring Security Advisories
added 2023/09/19 12:0 a.m. · 25 views

This Week in Spring - September 19th, 2023 (Java 21 Edition)

Hi, Spring fans! Welcome to another installment of This Week in Spring - Java 21 edition! The big news, indeed, the biggest news, is that Java 21 is now available here! You should use SDKMAN to install it, like this: sdk install java 21-graalce && sdk default java 21-graalce. This install gives...

6.7 AI score
Exploits 0

Positive Technologies
added 2023/09/18 12:0 a.m. · 5 views

PT-2023-36020 · Spring · Spring

Name of the Vulnerable Software and Affected Versions: Spring (affected versions not specified). Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...

7 AI score
Exploits 0 · References 2

BDU FSTEC
added 2023/09/08 12:0 a.m. · 6 views

The vulnerability of the Spring Framework software, related to errors in processing SpEL expressions, allows attackers to execute arbitrary code.

The vulnerability of the Spring Framework software is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8 CVSS · 7.2 AI score · 0.01122 EPSS
Exploits 0 · References 4 · Affected Software 2

RedHat Linux
added 2023/09/05 6:37 p.m. · 3 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

6.5 CVSS · 7.1 AI score · 0.0097 EPSS
Exploits 1 · References 5

RedHat Linux
added 2023/09/05 6:37 p.m. · 6 views

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

7.5 CVSS · 7.1 AI score · 0.03514 EPSS
Exploits 1 · References 5

GithubExploit
added 2023/09/02 10:41 a.m. · 353 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell: CVE-2022-22965 RCE Java Spring framework RCE...

9.8 CVSS · 9.2 AI score · 0.99677 EPSS
Exploits 100

Spring Security Advisories
added 2023/08/29 12:0 a.m. · 13 views

This Week in Spring - August 29th, 2023 - the post SpringOne recovery blog

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm exhausted. Seriously. Last week was mental. If you need me, I'll be over sipping on a tea... But, before that, there's a ton of things to cover from this last week, as always, and there's no rest for the curious, so let's...

6.7 AI score
Exploits 0

Spring Security Advisories
added 2023/08/29 12:0 a.m. · 15 views

My SpringOne 2023 Recap

Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...

6.5 AI score
Exploits 0

Broadcom
added 2023/08/29 12:0 a.m. · 46 views

Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

6.5 CVSS · 8.7 AI score · 0.36658 EPSS
Exploits 0 · Affected Software 1

Broadcom
added 2023/08/29 12:0 a.m. · 55 views

Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

9.8 CVSS · 8.5 AI score · 0.32257 EPSS
Exploits 4 · Affected Software 1

CNNVD
added 2023/08/24 12:0 a.m. · 5 views

Spring Framework Code Issue Vulnerability

Spring Framework is a set of open source Java and JavaEE application frameworks from the U.S.-based Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that stems from the presence of a deserialization vulnerability that allows the...

7.8 CVSS · 7.6 AI score · 0.02162 EPSS
Exploits 2 · References 3