Lucene search

205 matches found

SUSE CVE
added 2023/02/15 4:24 a.m. | 3 views

SUSE CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5 CVSS | 7.4 AI score | 0.09513 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2023/02/08 12:0 a.m. | 37 views

TIBCO JasperReports Server 6.x < 6.2.5 / 6.3.0 / 6.3.2 / 6.3.3 / 6.4.0 / 6.4.2 Information Disclosure (CVE-2018-5430)

According to its self-reported version, the instance of TIBCO JasperReports Server running on the remote web server is 6.x < 6.2.5, 6.3.0, 6.3.2, 6.3.3, 6.4.0, or 6.4.2. It is, therefore, affected by an information disclosure vulnerability in the Spring web flows component that can allow any...

8.8 CVSS | 7.9 AI score | 0.49189 EPSS
Exploits: 2 | References: 2

Spring Engineering
added 2022/11/22 7:0 p.m. | 25 views

This Week in Spring - November 22nd, 2022 - Spring Boot 3 and Thanksgiving edition!

Hi, Spring fans! It's Tuesday, the 22nd of November, 2022, as I write this, which means we're two days away from Spring Boot 3 and Thanksgiving. Spring Boot 3, I've written about in abundance so I won't rehash that. If you want to learn more about some of the amazing new features in Spring Framework ...

7.2 AI score
Exploits: 0

Spring Engineering
added 2022/10/24 7:0 a.m. | 84 views

This Week in Spring - October 25th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! I'm in sunny Singapore, then off to Malaysia and Thailand. It's the first time I've been to any of these places since 2019! How good it is to be...

4.8 AI score | 0.00604 EPSS
Exploits: 0

Spring Engineering
added 2022/10/18 7:0 p.m. | 15 views

This Week in Spring - October 18th, 2022

Hi, Spring fans! How're you doin'? I'm doin' alright! Last week I was in Antwerp, Belgium, for the amazing Devoxx BE show. I did a presentation with my friend and hero James Ward on Spring and Kotlin that was voted third most-liked talk at a show with more than 250 speakers! That was a personal caree...

0.6 AI score
Exploits: 0

Spring Engineering
added 2022/08/10 3:26 p.m. | 24 views

Spring Web Flow 3.0 M1 Released

It has been almost 4 years since the last set of Spring Web Flow releases. Nevertheless, the project continues to serve a specific need particularly well, arguably better than alternatives, and remains in active use. While there hasn't been a strong driver for new releases, the upcoming Spring...

0.5 AI score
Exploits: 0

Spring Engineering
added 2022/07/26 7:0 a.m. | 28 views

This Week in Spring - July 26th, 2022

Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

7.2 AI score
Exploits: 0

vulnersOsv
added 2022/05/24 7:3 p.m. | 5 views

ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +3253 more potentially affected by CVE-2021-22118 via org.springframework:spring-web (>=5.2.0.RELEASE <=5.2.14.RELEASE)

org.springframework:spring-web MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.1.RELEASE -...

7.8 CVSS | 6.7 AI score | 0.00396 EPSS
Exploits: 0

vulnersOsv
added 2022/05/24 7:3 p.m. | 1 view

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +16017 more potentially affected by CVE-2021-22118 via org.springframework:spring-web (>=5.3.0 <=5.3.6)

org.springframework:spring-web MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =4.6.0.0 - ai.apiverse:apipulse =1.0.1 and more Source cves: CVE-2021-22118 Source advisory: OSV:GHSA-GFWJ-FWQJ-FP3V...

7.8 CVSS | 6.7 AI score | 0.00396 EPSS
Exploits: 0

vulnersOsv
added 2022/05/24 5:5 p.m. | 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +38104 more potentially affected by CVE-2016-1000027 via org.springframework:spring-web (>=1.2.1 <=5.3.9)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2016-1000027 Source advisory: OSV:GHSA-4WRC-F8PQ-FPQP...

9.8 CVSS | 7.3 AI score | 0.32257 EPSS
Exploits: 4

OSV
added 2022/05/13 1:47 a.m. | 24 views

GHSA-Q4V9-QJMW-J7VF Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 5.8 AI score | 0.00963 EPSS
Exploits: 0 | References: 3

GitHub Security Blog
added 2022/05/13 1:47 a.m. | 29 views

Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 2.8 AI score | 0.00963 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/13 1:45 a.m. | 29 views

GHSA-FG9W-CFFM-PMH2 Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 5.7 AI score | 0.13828 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2022/05/13 1:2 a.m. | 1 view

at.molindo.social:spring-social-config (=1.1.0.RELEASE), at.molindo.social:spring-social-security (=1.1.0.RELEASE) +412 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.7.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =1.4.0, =0.0.2, =0.10.1, =0.10.1, =1.0.15-RELEASE, =1.0.16-RELEASE and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...

5 CVSS | 7.1 AI score | 0.1005 EPSS
Exploits: 5

vulnersOsv
added 2022/05/13 1:2 a.m. | 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +5434 more potentially affected by CVE-2013-6429 via org.springframework:spring-web (>=1.2.1 <=3.2.4.RELEASE)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.0, =0.0.20, =1.0.0-alpha-1, =1.0, =2.0, =1.1.1, =1.0.2, =1.1.2, =1.2, =1.3 and more Source cves: CVE-2013-6429 Source advisory: OSV:GHSA-G6HF-F9CQ-Q7W7...

6.8 CVSS | 7.2 AI score | 0.90455 EPSS
Exploits: 0

vulnersOsv
added 2022/05/05 12:29 a.m. | 1 view

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +5132 more potentially affected by CVE-2013-6430 via org.springframework:spring-web (>=1.2.1 <=3.2.1.RELEASE)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.0, =0.0.20, =1.0.0-alpha-1, =1.0, =2.0, =1.1.1, =1.0.2, =1.1.2, =1.2, =1.3 and more Source cves: CVE-2013-6430 Source advisory: OSV:GHSA-XJRF-8X4F-43H4...

5.4 CVSS | 6.7 AI score | 0.03198 EPSS
Exploits: 0

OSV
added 2022/03/31 6:30 p.m. | 10 views

GHSA-36P3-WJMG-H94X Remote Code Execution in Spring Framework

Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...

9.8 CVSS | 7.4 AI score | 0.9972 EPSS
Exploits: 100 | References: 18

RedHat Linux
added 2021/12/14 9:31 p.m. | 100 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update

A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

10 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits: 381 | References: 58

RedHat Linux
added 2021/12/02 4:17 p.m. | 48 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update

A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

9.9 CVSS | 7.5 AI score | 0.9851 EPSS
Exploits: 27 | References: 35

RedHat Linux
added 2021/08/18 9:13 a.m. | 2 views

spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

7.8 CVSS | 7 AI score | 0.00396 EPSS
Exploits: 0 | References: 6