Lucene search
193 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2990

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.9 | EPSS 0.01219
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-3041

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.9 | EPSS 0.0115
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/20 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-22118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by...

CVSS 7.8 | AI score 7.2 | EPSS 0.00396
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/19 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-15756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide suppor...

CVSS 7.5 | AI score 7.4 | EPSS 0.09513
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/07/08 6:49 a.m., 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...

CVSS 7.5 | AI score 6.8 | EPSS 0.54862
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/07/08 6:43 a.m., 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...

CVSS 7.5 | AI score 6.7 | EPSS 0.14595
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 1:26 p.m., 15 views

Security Bulletin: Vulnerability in Spring WebFlux affects watsonx.data

Summary Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security...

CVSS 9.1 | AI score 6.2 | EPSS 0.01712
Exploits: 2 | Affected Software: 1

RedhatCVE
added 2025/02/05 9:45 p.m., 6 views

CVE-2022-24815

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

CVSS 8.1 | AI score 8.1 | EPSS 0.01317
Exploits: 1 | References: 1

vulnersOsv
added 2024/12/19 6:31 p.m., 5 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +799 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=6.1.0 <=6.1.13)

org.springframework:spring-webflux MAVEN version =6.1.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.3.1, =1.0.0, =1.0.9 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...

CVSS 7.5 | AI score 6.7 | EPSS 0.54862
Exploits: 6

vulnersOsv
added 2024/12/19 6:31 p.m., 5 views

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2756 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.12, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

CVSS 7.5 | AI score 6.4 | EPSS 0.54862
Exploits: 6

vulnersOsv
added 2024/12/19 6:31 p.m., 6 views

ai.optfor:spring-openai-api (>=0.2.2 <=0.3.25), app.boboc:webflux-websocket-coroutine (>=0.0.6 <=1.0.0) +661 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=6.0.0 <=6.0.23)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.2, =0.0.6, =0.0.6, =4.6.18, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...

CVSS 7.5 | AI score 6.4 | EPSS 0.54862
Exploits: 6

F5 Networks
added 2024/12/12 4:11 a.m., 15 views

K000148958: Spring WebFlux vulnerability CVE-2024-38821

Security Advisory Description Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's...

CVSS 9.1 | AI score 6.8 | EPSS 0.01712
Exploits: 2

GithubExploit
added 2024/11/05 4:30 p.m., 349 views

Exploit for Code Injection in Vmware Spring_Framework

Expoitation-de-la-vuln-rabilit-CVE-2022-22965 La vulnérabilité...

CVSS 9.8 | AI score 9 | EPSS 0.9972
Exploits: 100

GithubExploit
added 2024/10/30 2:38 p.m., 69 views

Exploit for CVE-2024-38821

cve-2024-38821 Analysis: h...

CVSS 9.1 | AI score 7.1 | EPSS 0.01712
Exploits: 2

RedhatCVE
added 2024/10/28 9:55 a.m., 28 views

CVE-2024-38821

An authorization bypass vulnerability was found in Spring WebFlux applications, impacting static resources under specific conditions. If an application uses Spring's static resources support with restricted non-permitAll authorization rules, unauthorized access to these resources may be possible...

CVSS 7.4 | AI score 6.8 | EPSS 0.01712
Exploits: 2 | References: 4

NVD
added 2024/10/28 7:15 a.m., 19 views

CVE-2024-38821

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...

CVSS 9.1 | EPSS 0.01712
Exploits: 2 | References: 2

CVE
added 2024/10/28 7:6 a.m., 345 views

CVE-2024-38821

CVE-2024-38821 affects Spring WebFlux with Spring Security static resource rules. A bypass is possible when a non-permitAll authorization rule is applied to Spring’s static resources and the resources are served by a WebFlux app using Spring’s static resources support. Documents confirm this CVE ...

CVSS 9.1 | AI score 9.1 | EPSS 0.01712
Exploits: 2 | References: 2

CNNVD
added 2024/10/28 12:0 a.m., 3 views

Spring WebFlux Security Vulnerability

Spring WebFlux is a responsive stack Web framework from Spring. A security vulnerability exists in Spring WebFlux that stems from the ability to bypass Spring Security's authorization rules for static resources under certain circumstances...

CVSS 9.1 | AI score 6.7 | EPSS 0.01712
Exploits: 2 | References: 3

Positive Technologies
added 2024/10/25 12:0 a.m., 5 views

PT-2024-7497

Name of the Vulnerable Software and Affected Versions: Spring WebFlux affected versions not specified Description: The issue is caused by weaknesses in the authorization procedure of the Spring Framework's WebMvc.fn and WebFlux.fn functional web frameworks. This can allow a remote attacker to...

CVSS 9.4 | AI score 6.7 | EPSS 0.01712
Exploits: 2 | References: 46

RedHat Linux
added 2024/10/14 3:53 p.m., 5 views

spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

CVSS 7.5 | AI score 7.3 | EPSS 0.14595
Exploits: 1 | References: 5