ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2588 more potentially affected by CVE-2019-11272 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.12.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2019-11272 Source advisory: OSV:GHSA-V33X-PRHC-GPH5...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6217 more potentially affected by CVE-2019-12086 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.3)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2019-12086 Source advisory: OSV:GHSA-5WW9-J83M-Q7QX...

com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=1.0.0 <=1.1.0), com.yoozoo.protoconf:protoconf-java (>=0.2.2 <=0.2.3) +9 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.0.0.RELEASE <=2.0.3.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.0.0.RELEASE, =1.0.0, =0.2.2, =1.0.2, =0.0.2, =Darwin.RELEASE, =0.2.1.RELEASE, =2.0.0.RELEASE, =2.0.3.RELEASE - xyz.weechang:moreco-cloud-config =0.0.1 Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

VulnCheck KEV: CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

xss vulnerability in jeeweb frontend

JeeWeb is an agile development system based on SpringBoot 2+Spring+Mybatis+Hibernate An xss vulnerability exists in the frontend of jeeweb, which can be exploited by an attacker to obtain an administrator cookie...

File Upload Vulnerability in Geek-Framework

Geek-Framework is built on the basis of SpringBoot, a Java foundation development framework . Geek-Framework has a file upload vulnerability that can be exploited by an attacker to gain control of a web server...

ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), ai.hyacinth.framework:core-service-gateway-server (=0.5.0) +1506 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...

Spring Boot Actuator Command Execution Vulnerability

Actuators are one of the four main features proposed in Spring Boot to simplify Spring development. A command execution vulnerability exists in Spring Boot Actuator, which can be exploited by an attacker to execute arbitrary commands by constructing a malicious request...

Spring Boot Actuator Module Command Execution Vulnerability

Spring Boot Acuatorr can help you monitor and manage your Spring Boot applications, such as health checks, auditing, statistics and HTTP tracing. A command execution vulnerability exists in the Spring Boot Actuator module. The vulnerability is realized by using JNDI through Spring Boot Actuator's...

br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +284 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.4.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =1.0.0, =1.0.6, =1.0.6, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...

com.github.chrisgleissner:spring-batch-rest-api (>=1.0.3 <=1.2.7), com.github.chrisgleissner:spring-batch-rest-example (>=1.0.3 <=1.2.7) +7 more potentially affected by CVE-2019-3774 via org.springframework.batch:spring-batch-core (=4.1.0.RELEASE)

org.springframework.batch:spring-batch-core MAVEN version =4.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.batch:spring-batch-core and may be impacted: - com.github.chrisgleissner:spring-batch-rest-api =1.0.3, =1.0.3,...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-14721 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-14721 Source advisory: OSV:GHSA-9MXF-G3X6-WV74...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-19360 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-19360 Source advisory: OSV:GHSA-F9HV-MG5H-XCW9...

com.microsoft.azure:azure-active-directory-b2c-spring-boot-starter (>=2.1.4.M1 <=2.1.6.M2), com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.1.0 <=2.1.0) +4 more potentially affected by CVE-2018-15801 via org.springframework.security:spring-security-oauth2-jose (>=5.1.10.RELEASE <=5.1.1.RELEASE)

org.springframework.security:spring-security-oauth2-jose MAVEN version =5.1.10.RELEASE, =2.1.4.M1, =1.1.0, =1.2.0, =1.2.0, =2.1.0.RELEASE, =2.1.0.RELEASE, =2.1.18.RELEASE Source cves: CVE-2018-15801 Source advisory: OSV:GHSA-27XW-P8V6-9JJR...

Arbitrary Password Reset Vulnerability in Ruoyi Management System

Ruoyi management system is a SpringBoot2.0 based on the use of Spring, MyBatis, Shiro rights management system . Ruoyi Management System has an arbitrary password reset vulnerability that can be exploited by an attacker to reset any user's password...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

Denial of service

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756 DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...