Hitachi Vantara Pentaho Authorization Issue Vulnerability
Hitachi Pentaho is a product of Japan's Hitachi for storing and managing data in a big-data environment. An authorization issue vulnerability exists in Hitachi Vantara Pentaho, stemming from an issue discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x...
Security Restriction Bypass
spring-boot-actuator is listed as vulnerable to a security restriction bypass; the description is that of CVE-2021-22047 in Spring Data REST (see the CVE-2021-22047 entries on this page). Lack of secure handling of HTTP resources implemented by custom controllers that use a configured base API path together with a controller type-level request mapping causes those resources and request mappings to be exposed under additional URIs, leading to...
CVE-2021-22047
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
CVE-2021-22047
CVE-2021-22047 affects Spring Data REST: HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that may be accessible without authorization, depending on the Spring Security configuration. Impact is describe...
VMware Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide declarative security protection for Spring-based applications. A security vulnerability exists in Spring Data REST, stemming from HTTP resources being additionally exposed under other URIs for custom controller...
in alovoa/alovoa
✍️ Description: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. 🕵️♂️ Proof of Concept: org.springframework.security spring-security-oauth2-client...
A vulnerability in Spring Security, a Java framework for securing enterprise applications, related to uncontrolled resource consumption allows attackers to cause a denial of service.
The vulnerability in Spring Security, a Java framework for securing enterprise applications, is an uncontrolled resource consumption issue. Exploiting it allows a malicious actor to cause a denial of service by initiating Authorization Requests, thereby providing...
br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) and 481 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)
org.springframework.security:spring-security-core (Maven) version 5.2.0.RELEASE is affected by a known vulnerability. Packages with a transitive dependency on it that may be impacted include the br.com.damsete.arq artifacts above and com.c4-soft.springaddons:spring-security-oauth2-addons 1.0.0, among others...
com.c4-soft.springaddons:spring-security-test-oauth2-addons (=1.0.0), com.epam.reportportal:service-authorization (=5.0.0) and 18 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.2.0.RELEASE)
org.springframework.security:spring-security-oauth2-client (Maven) version 5.2.0.RELEASE is affected by a known vulnerability. The packages listed above have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted...
cc.vihackerframework:vihacker-auth-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-common-starter (>=1.0.4.R <=1.0.6.R) and 605 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.5.0)
org.springframework.security:spring-security-core (Maven) version 5.5.0 is affected by a known vulnerability. Packages with a transitive dependency on it that may be impacted include cc.vihackerframework:vihacker-auth-starter 1.0.4.R and later, among others...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) and 114 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-oauth2-client (Maven) version 5.4.0 is affected by a known vulnerability. Packages with a transitive dependency on it that may be impacted include com.azure.spring:azure-spring-boot-starter-active-directory-b2c 3.3.0, among others...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (=3.6.0), com.okta.idx.sdk:okta-idx-java-embedded-sign-in-widget (>=0.1.0-beta.8 <=1.0.0) and 18 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.5.0)
org.springframework.security:spring-security-oauth2-client (Maven) version 5.5.0 is affected by a known vulnerability. The packages listed above have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted...
GHSA-W9JG-GVGR-354M Resource Exhaustion in Spring Security
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
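The advisory above describes a DoS driven by a client repeatedly initiating OAuth 2.0 Authorization Requests. The following is an added detection example written for this page (not code from Spring Security or from the advisory): it parses constructed Combined-format access-log lines and flags any client IP that initiates more than a threshold of Authorization Requests inside a sliding window. The matched path prefix `/oauth2/authorization/` is Spring Security's default client endpoint and is an assumption here; the log lines, IPs and thresholds are constructed for the example.

```python
"""Flag clients initiating OAuth 2.0 Authorization Requests at an abnormal
rate (the traffic pattern behind the Spring Security DoS advisory above).
Sample log lines are constructed; the path prefix is assumed to be Spring
Security's default /oauth2/authorization/{registrationId}."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: the client's Authorization Request base URI is the default.
AUTHZ_PATH = re.compile(r"^/oauth2/authorization/[^/?]+")


def _line(ip: str, second: int, path: str) -> str:
    """Build one constructed access-log line `second` seconds after noon."""
    ts = datetime(2021, 6, 10, 12, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 302 0'


# Constructed sample: one client fires 40 initiations in 8 seconds, a normal
# user initiates twice, 32 seconds apart, with an unrelated callback in between.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", i // 5, "/oauth2/authorization/github") for i in range(40)]
    + [
        _line("198.51.100.2", 3, "/oauth2/authorization/github"),
        _line("198.51.100.2", 4, "/login/oauth2/code/github?code=abc&state=xyz"),
        _line("198.51.100.2", 35, "/oauth2/authorization/google"),
    ]
)


def max_burst(log_text: str, window_seconds: int = 10) -> Dict[str, int]:
    """For each client IP, the largest number of Authorization Request
    initiations seen inside any window of window_seconds."""
    per_ip: Dict[str, List[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not AUTHZ_PATH.match(m["path"]):
            continue
        per_ip[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))

    result: Dict[str, int] = {}
    window = timedelta(seconds=window_seconds)
    for ip, times in per_ip.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):          # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        result[ip] = best
    return result


def flag_clients(log_text: str, threshold: int = 20, window_seconds: int = 10) -> List[str]:
    """Client IPs whose burst of initiations reaches the threshold."""
    return sorted(ip for ip, n in max_burst(log_text, window_seconds).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in max_burst(SAMPLE_LOG).items():
        print(f"{ip}: max {n} Authorization Request initiations in 10s")
    print("flagged:", flag_clients(SAMPLE_LOG))
```

The threshold and window are tuning knobs: a legitimate single-page app rarely initiates more than a handful of Authorization Requests per minute, so a burst of dozens per ten seconds from one address is a reasonable alert candidate; rate-limiting that endpoint at the edge is the corresponding mitigation while the upgrade is rolled out.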
ai.ylyue:yue-library-auth-client (>=j8.2.4.0 <=j11.2.4.0), ai.ylyue:yue-library-auth-service (>=j8.2.4.0 <=j11.2.4.0) and 1434 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-core (Maven) version 5.4.0 is affected by a known vulnerability. Packages with a transitive dependency on it that may be impacted include the ai.ylyue:yue-library artifacts above (j8.2.4.0), among others. Source CVEs: CVE-2021-22119. Source advisory: OSV:GHSA-W9JG-GVGR-354M...
com.buession.cas:buession-cas-core (>=1.1.1 <=1.1.2), com.buession.cas:buession-cas-metrics (>=1.1.1 <=1.1.2) and 65 more packages are potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.3.0.RELEASE)
org.springframework.security:spring-security-core (Maven) version 5.3.0.RELEASE is affected by a known vulnerability. Packages with a transitive dependency on it that may be impacted include com.buession.cas:buession-cas-core 1.1.1, among others...
CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
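The dependency listings above report downstream packages as "potentially affected" because they pull spring-security-core or spring-security-oauth2-client in transitively, and the CVE-2021-22047 entry gives the affected Spring Data REST lines in the same form. The following added example, written for this page and not taken from Spring or any of the listed projects, walks `mvn dependency:tree` output and reports every node whose version falls inside the affected ranges stated in these advisories, together with the dependency path that brought it in. The tree text is constructed; the `org.springframework.data:spring-data-rest-core` coordinate and the first fixed versions 3.4.14 and 3.5.6 for CVE-2021-22047 are assumptions inferred from the inclusive ranges quoted on this page.

```python
"""Find Maven artifacts in the affected ranges quoted in the advisories on
this page, including ones reached only transitively.  Tree text below is
constructed for the example."""
import re
from typing import Dict, List, Tuple

# CVE-2021-22119: 5.2.x < 5.2.11, 5.3.x < 5.3.10, 5.4.x < 5.4.7, 5.5.x < 5.5.1
SPRING_SECURITY_22119 = [
    ("CVE-2021-22119", "5.2.0", "5.2.11"),
    ("CVE-2021-22119", "5.3.0", "5.3.10"),
    ("CVE-2021-22119", "5.4.0", "5.4.7"),
    ("CVE-2021-22119", "5.5.0", "5.5.1"),
]
# (advisory, first affected, first fixed) per group:artifact.
AFFECTED: Dict[str, List[Tuple[str, str, str]]] = {
    "org.springframework.security:spring-security-core": SPRING_SECURITY_22119,
    "org.springframework.security:spring-security-oauth2-client": SPRING_SECURITY_22119,
    # Assumption: Spring Data REST ships as spring-data-rest-core; the advisory
    # gives inclusive ranges 3.4.0-3.4.13 and 3.5.0-3.5.5, so the first fixed
    # versions used here (3.4.14, 3.5.6) are inferred, not quoted.
    "org.springframework.data:spring-data-rest-core": [
        ("CVE-2021-22047", "3.4.0", "3.4.14"),
        ("CVE-2021-22047", "3.5.0", "3.5.6"),
    ],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric prefix of a Maven version: '5.2.10.RELEASE' -> (5, 2, 10).
    Qualifiers (RELEASE, -SNAPSHOT, -RC1) are dropped, so a pre-release of a
    fixed version compares equal to it; conservative enough for Spring lines."""
    nums: List[int] = []
    for part in re.split(r"[.\-]", v):
        if not part.isdigit():
            break
        nums.append(int(part))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def advisories_for(coordinate: str, version: str) -> List[str]:
    """Advisory IDs whose affected range contains coordinate@version."""
    ver = parse_version(version)
    return [adv for adv, lo, fixed in AFFECTED.get(coordinate, [])
            if parse_version(lo) <= ver < parse_version(fixed)]


# One `mvn dependency:tree` line: "[INFO] " + tree drawing + coordinates.
# Each tree level is three characters wide ("+- ", "|  ", "\- ", "   ").
TREE_LINE = re.compile(r"^\[INFO\] (?P<prefix>[|+\\\- ]*)(?P<coord>[\w.\-]+(?::[\w.\-]+){3,5})$")


def find_affected(tree_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (group:artifact:version, path from the root, advisories) for
    every affected node in dependency:tree output.  Lines that do not look
    like a coordinate (e.g. verbose '(omitted ...)' notes) are skipped."""
    stack: List[str] = []
    findings: List[Tuple[str, str, List[str]]] = []
    for line in tree_text.splitlines():
        m = TREE_LINE.match(line)
        if not m:
            continue
        depth = len(m.group("prefix")) // 3
        parts = m.group("coord").split(":")
        # group:artifact:packaging[:classifier]:version[:scope]
        version = parts[3] if len(parts) in (4, 5) else parts[4]
        coordinate = f"{parts[0]}:{parts[1]}"
        label = f"{coordinate}:{version}"
        del stack[depth:]            # pop back to this node's parent
        stack.append(label)
        hits = advisories_for(coordinate, version)
        if hits:
            findings.append((label, " -> ".join(stack), hits))
    return findings


# Constructed sample tree; versions chosen to land inside and outside ranges.
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-oauth2-client:jar:2.4.5:compile
[INFO] |  \\- org.springframework.security:spring-security-oauth2-client:jar:5.4.6:compile
[INFO] |     \\- org.springframework.security:spring-security-core:jar:5.4.6:compile
[INFO] +- org.springframework.data:spring-data-rest-webmvc:jar:3.4.8:compile
[INFO] |  \\- org.springframework.data:spring-data-rest-core:jar:3.4.8:compile
[INFO] \\- org.springframework.security:spring-security-config:jar:5.4.6:compile
"""

if __name__ == "__main__":
    for label, path, advs in find_affected(SAMPLE_TREE):
        print(f"{label}: {', '.join(advs)}\n    via {path}")
```

The path output is what makes the finding actionable: a version that is only reached through a starter or a third-party library is fixed by bumping that parent (or pinning the Spring Security artifacts in `dependencyManagement`), not by editing the direct dependency list.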