1267 matches found
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.12 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing
GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secre...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6330 more potentially affected by CVE-2020-9547 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.5)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2020-9547 Source advisory: OSV:GHSA-Q93H-JC49-78GG...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6330 more potentially affected by CVE-2020-9548 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.5)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2020-9548 Source advisory: OSV:GHSA-P43X-XFJF-5JHR...
Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution
Pivotal Spring Boot is a Java framework designed to help developers create minimal Spring based applications. Spring applications provide the Spring Expression Language SpEL which is a powerful expression language for querying and manipulating an object graph at runtime. Spring Boot versions belo...
LY Corporation: Spring Actuator endpoints publicly available and broken authentication
Due to insufficient access control, it was possible to access the Spring Boot Actuator endpoints /heapdump and /env. @kazan71p identified two highly sensitive applications leaking information through these endpoints. The LINE Security team shutdown the secondary endpoints just as it was discovere...
Spring Boot Installed
Binary data pivotalsoftwarespringbootinstalled.nbin...
Stripo Inc: Open memory dump method leaking customer information ,secret keys , password , source code & admin accounts
Summary: Stripo uses Spring boot for the backend API development , and misconfigured the application to open actuator APIs to the public. This issue is found in 3 domains , don't know if I need to publish 3 reports for that, or just one report , but the domains are :...
XSS Vulnerability in Huaxia ERP System
Huaxia ERP based on the SpringBoot framework , SaaS model , aspires to provide small and medium-sized enterprises with open source good ERP software , currently focusing on sales and inventory + financial functions . Huaxia ERP system has an XSS vulnerability that can be exploited by attackers to...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6217 more potentially affected by CVE-2019-14439 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.3)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2019-14439 Source advisory: OSV:GHSA-GWP4-HFV6-P7HW...
aero.champ:cargojson (=1.0), ai.active:webhook-sdk (>=1.0.0 <=1.0.4) +30538 more potentially affected by CVE-2019-12384 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.9)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =1.0.0, =4.4.0.0, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.1.2, =0.1.7 - ai.genauth:genauth-java-sdk =3.1.11 - ai.grakn.kgms:client =1.4.3 and more Source cves: CVE-2019-12384 Source advisory:...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6217 more potentially affected by CVE-2019-12384 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.3)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2019-12384 Source advisory: OSV:GHSA-MPH4-VHRX-MV67...
CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
Default configuration
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
UBUNTU-CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
CVE-2019-9186
In JetBrains IntelliJ IDEA, the Spring Boot run configuration could allow remote code execution because a JMX server listened on all network interfaces instead of only localhost. Affected versions were fixed in 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. The CVE is CVE-2019-9186. Public d...