
1266 matches found

Gitee
added 2020/11/05 4:41 p.m., 2 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2 AI score
Exploits: 0
Hacker One
added 2020/10/29 6:19 p.m., 21 views

Semrush: Critically Sensitive Spring Boot Endpoints Exposed

Spring Boot includes a number of additional features to help you monitor and manage your application when you push it to production. Hacker found that actuator endpoints containing potentially sensitive data such as internal tokens and service data were left public. Semrush has a microservices...

6.7 AI score
Exploits: 0
Positive Technologies
added 2020/10/29 12:0 a.m., 8 views

PT-2022-2032

Name of the Vulnerable Software and Affected Versions Spring Framework versions prior to 5.2.20 and 5.3.18 Spring Boot versions prior to 2.5.12 and 2.6.6 libspring-aop-java - 4.3.22-4ubuntu0.1esm1 libspring-beans-java - 4.3.22-4ubuntu0.1esm1 libspring-context-java - 4.3.22-4ubuntu0.1esm1...

10 CVSS, 9.1 AI score, 0.94428 EPSS
Exploits: 100, References: 219
Hacker One
added 2020/10/26 9:23 p.m., 17 views

Stripo Inc: Memory Dump and Env Disclosure via Spring Boot Actuator

Memory Dump and Env Disclosure via Spring Boot Actuator Spring boot actuator files/endpoints can be accessed via path like stripo.email/██████/actuator/, including a 110 MB heapdump file, which expose source code, private keys and some internal data! The maximum severity of this asset is medium, ...

1.9 AI score
Exploits: 0
CNVD
added 2020/10/12 12:0 a.m., 1 view

SQL Injection Vulnerability in ERP-PRO

ERP-PRO is open source ERP software for small and medium-sized enterprises, based on the SpringBoot 2.X framework. ERP-PRO suffers from a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information in the database...

7.6 AI score
Exploits: 0
RedHat Linux
added 2020/10/08 10:28 a.m., 58 views

Low: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.10 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.8 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits: 0, References: 4
CNVD
added 2020/09/25 12:0 a.m., 1 view

Unauthorized Access Vulnerability in Huaxia ERP

Huaxia ERP, based on the SpringBoot framework, aspires to provide small and medium-sized enterprises with open source and good ERP software, currently focusing on sales and inventory + financial functions. Huaxia ERP has an unauthorized access vulnerability that can be exploited by attackers to...

6.8 AI score
Exploits: 0
RedHat Linux
added 2020/09/23 4:27 p.m., 168 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6.SP2 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5 CVSS, 6.6 AI score, 0.92155 EPSS
Exploits: 2, References: 7
CNVD
added 2020/09/21 12:0 a.m., 1 view

SQL Injection Vulnerability in Mini-Tmall Framework Front and Backend

Mini Tmall is a Spring Boot-based integrated B2C e-commerce platform whose design requirements mainly follow the Tmall shopping process: users start from registration, to complete the login, browse the products, add a shopping cart, place an order, confirm receipt, evaluation...

7.7 AI score
Exploits: 0
CNVD
added 2020/08/20 12:0 a.m., 1 view

Unauthorized Access Vulnerability in JeewxBoot of Beijing National Torch Information Technology Co.

JeewxBoot is a SpringBoot-based open source WeChat housekeeper system, using SpringBoot2.1.3 Mybatis + Velocity framework technology. Beijing State Torch Information Technology Co. JeewxBoot has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive informati...

6.7 AI score
Exploits: 0
vulnersOsv
added 2020/08/05 2:53 p.m., 1 view

cn.strongculture:prometheus-spring-boot-starter (=1.0.0), com.buession.springcloud.stream:buession-springcloud-stream-core (>=2.2.1 <=2.3.3) +105 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =5.3.0.RELEASE, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3...

9.8 CVSS, 7.1 AI score, 0.01768 EPSS
Exploits: 0
RedHat Linux
added 2020/07/27 1:8 p.m., 96 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.15 security and bug fix update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

8.8 CVSS, 6.8 AI score, 0.93325 EPSS
Exploits: 15, References: 5
Gitee
added 2020/07/10 9:15 a.m., 1 view

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution (RCE), privilege escalation, and data exfiltration. The repository includes...

8.8 AI score
Exploits: 0
Hacker One
added 2020/07/03 11:44 a.m., 13 views

Engel & Völkers Technology GmbH: Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com

Summary: The Spring Boot Actuators are exposing critical information on gonext-stage.engelvoelkers.com such as the last 100 HTTP requests made to the server including cookies, paths, etc and the environment configuration. The endpoints are the following: - /trace - /env - /mappings - /configprops...

0.6 AI score
Exploits: 0
vulnersOsv
added 2020/06/15 7:34 p.m., 2 views

am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...

7.5 CVSS, 7.1 AI score, 0.20127 EPSS
Exploits: 0
vulnersOsv
added 2020/06/15 7:34 p.m., 3 views

ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2638 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.15.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...

6.5 CVSS, 6.6 AI score, 0.00411 EPSS
Exploits: 0
CNVD
added 2020/06/09 12:0 a.m., 2 views

XSS Vulnerability in My-Blog-layui

My-Blog-layui is a Java blog system built with SpringBoot + Layui + Mybatis + Thymeleaf and other technologies. My-Blog-layui has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

6.1 AI score
Exploits: 0
Hacker One
added 2020/06/04 8:41 p.m., 213 views

GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0
RedHat Linux
added 2020/06/04 1:11 p.m., 158 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8 CVSS, 7 AI score, 0.94469 EPSS
Exploits: 44, References: 7
RedHat Linux
added 2020/06/04 1:6 p.m., 99 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.12 security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.8 CVSS, 6.6 AI score, 0.65581 EPSS
Exploits: 0, References: 9