Lucene search: 1879 matches found

Cvelist (added 2023/03/23)

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

AI score 7, EPSS 0.0097. Exploits: 1, References: 2
Debian CVE (added 2023/03/23)

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

CVSS 6.5, AI score 6.4, EPSS 0.0097. Exploits: 1
CVE (added 2023/03/23)

CVE-2023-20861

CVE-2023-20861 is a Spring Framework DoS vulnerability caused by the ability to submit a specially crafted SpEL expression. Affected: Spring Framework 6.0.0–6.0.6; 5.3.0–5.3.25; 5.2.0.RELEASE–5.2.22.RELEASE and older unsupported versions. Exploitation could lead to denial of service; no exploit d...

CVSS 6.5, AI score 6.6, EPSS 0.0097. Exploits: 1, References: 2, Affected Software: 1
Spring Security Advisories (added 2023/03/21)

This Week in Spring - March 21st, 2023

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course, is just another amazing installment before Java 21, which comes out in six short months, includin...

AI score 6.6, EPSS 0.03514. Exploits: 1
OpenVAS (added 2023/03/21)

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Linux

The VMware Spring Framework is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 6.6, EPSS 0.03514. Exploits: 1, References: 2
OpenVAS (added 2023/03/21)

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Windows

The VMware Spring Framework is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 6.6, EPSS 0.03514. Exploits: 1, References: 2
OpenVAS (added 2023/03/21)

VMware Spring Framework < 5.2.23, 5.3.x < 5.3.26, 6.0.x < 6.0.7 DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 6.5, EPSS 0.03514. Exploits: 1, References: 3
OpenVAS (added 2023/03/21)

VMware Spring Framework < 5.2.23, 5.3.x < 5.3.26, 6.0.x < 6.0.7 DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5, AI score 6.5, EPSS 0.0097. Exploits: 1, References: 3
Positive Technologies (added 2023/03/20)

PT-2023-2259

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.25; Spring Framework versions 6.0.0 through 6.0.6. Description: The issue is related to a mismatch in pattern matching between Spring Security and Spring MVC when using "" as a pattern in Spring Securit...

CVSS 7.8, AI score 6.7, EPSS 0.03514. Exploits: 1, References: 17
Spring Security Advisories (added 2023/03/17)

Kotlin DSLs in the world of Springdom

Kotlin is a beautiful language that makes it trivial to take old Java libraries and make them much more concise, just by virtue of the Kotlin syntax itself. It shines, however, when you write DSLs. Here's some inside baseball for you: the Spring teams do their level-headed best to be cohesive, to...

AI score 7.3. Exploits: 0
Spring Security Advisories (added 2023/03/09)

A Bootiful Podcast: Google Cloud Java Advocate Aaron Wanjala

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Google Cloud Java advocate Aaron Wanjala (@AaronMDubya) about Spring Framework for Google Cloud...

AI score 1.5. Exploits: 0
Tenable Nessus (added 2023/03/09)

Atlassian Jira < 9.6.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - An issue in the underlying Spring framework which permits an authenticated attacker to perform a STOMP over...

CVSS 6.5, AI score 7.2, EPSS 0.02931. Exploits: 1, References: 3
IBM Security Bulletins (added 2023/03/01)

Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary: IBM Cognos Command Center is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring...

CVSS 9.8, AI score 9.1, EPSS 0.99677. Exploits: 100, Affected Software: 1
F5 Networks (added 2023/02/21)

K29042031: Multiple Spring Framework vulnerabilities

Security Advisory Description: On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...

CVSS 9.8, AI score 8.8, EPSS 0.95649. Exploits: 15
F5 Networks (added 2023/02/21)

K11510688: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963

Security Advisory Description: Spring Framework RCE (Spring4Shell), CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the...

CVSS 9.8, AI score 8.5, EPSS 0.99939. Exploits: 131
F5 Networks (added 2023/02/21)

K18193959: Spring Framework vulnerability CVE-2018-1258

Security Advisory Description: Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. (CVE-2018-1258) Impact: Traffix SD...

CVSS 8.8, AI score 7.6, EPSS 0.02427. Exploits: 0
F5 Networks (added 2023/02/21)

K31022653: Spring Framework vulnerability CVE-2018-1257

Security Advisory Description: Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...

CVSS 6.5, AI score 6.9, EPSS 0.03279. Exploits: 0
SUSE CVE (added 2023/02/15)

SUSE CVE-2016-9878

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks...

CVSS 7.5, AI score 8.7, EPSS 0.0564. Exploits: 0, References: 3
SUSE CVE (added 2023/02/15)

SUSE CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8, AI score 8.4, EPSS 0.77245. Exploits: 5, References: 2
SUSE CVE (added 2023/02/15)

SUSE CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVSS 7.5, AI score 7.4, EPSS 0.09513. Exploits: 0, References: 3