
1267 matches found

Github Security Blog
added 2018/10/18 6:5 p.m. | 36 views

Moderate severity vulnerability that affects org.springframework.boot:spring-boot

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS: 5.9 | AI score: 2.9 | EPSS: 0.00604
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/10/18 6:5 p.m. | 19 views

GHSA-XX65-CC7G-9PFP Moderate severity vulnerability that affects org.springframework.boot:spring-boot

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00604
Exploits: 0 | References: 3

vulnersOsv
added 2018/10/18 6:5 p.m. | 3 views

com.github.microwww:mocker-redis-spring-boot-autoconfigure (>=0.0.1 <=3.0.0), com.github.microwww:mocker-redis-spring-boot-starter (>=0.0.1 <=3.0.2-2.8) +79 more potentially affected by CVE-2018-1196 via org.springframework.boot:spring-boot (=1.5.0.RELEASE)

org.springframework.boot:spring-boot MAVEN version =1.5.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.boot:spring-boot and may be impacted: - com.github.microwww:mocker-redis-spring-boot-autoconfigure =0.0.1, =0.0.1,...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.00604
Exploits: 0

RedHat Linux
added 2018/10/18 7:15 a.m. | 111 views

Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot 1.5.16 update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.19417
Exploits: 0 | References: 5

vulnersOsv
added 2018/10/16 8:53 p.m. | 3 views

cn.youweisoft:sparrow-permission (>=1.4.0 <=1.6.0), com.bucket4j:bucket4j-ignite (>=7.6.1 <=8.10.1) +267 more potentially affected by CVE-2018-8018 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.5.0)

org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =1.4.0, =7.6.1, =8.11.0, =8.11.0, =8.0.0, =1.0.0, =3.0.0-beta1, =0.1.2, =1.5.1, =2.0, =0.0.1, =1.1.0 - com.github.itzmedinesh:micro-cache-grid =1.0.0 and more Source cves: CVE-2018-8018 Source advisory: OSV:GHSA-QCJV-WFCG-MMPR...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.04449
Exploits: 0

RedHat Linux
added 2018/08/14 7:51 p.m. | 0 views

spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.93978
Exploits: 6 | References: 4

RedHat Linux
added 2018/08/14 7:51 p.m. | 68 views

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.93978
Exploits: 6 | References: 7

RedHat Linux
added 2018/06/07 8:25 a.m. | 66 views

Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.50333
Exploits: 3 | References: 6

CNVD
added 2018/03/21 12:0 a.m. | 2 views

Pivotal Spring Boot Elevation of Privilege Vulnerability

Pivotal Spring Boot is a new framework from the U.S. company Pivotal Software, Inc., used to simplify the initial setup and the development process of new Spring applications. A security vulnerability exists in Pivotal Spring Boot versions 1.5.0 through 1.5.9 and 2.0.0.M1 through 2.0.0.M7. An attacke...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00604
Exploits: 0 | References: 1

OSV
added 2018/03/19 6:29 p.m. | 24 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00604
Exploits: 0 | References: 1

NVD
added 2018/03/19 6:29 p.m. | 31 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00604
Exploits: 0 | References: 1

CVE
added 2018/03/19 6:0 p.m. | 89 views

CVE-2018-1196

The CVE-2018-1196 issue affects Spring Boot when using the embedded launch script to run as a systemd/init.d service. The root cause is a symlink attack on the run_user, enabling overwriting/taking ownership of files on the same system if the app is installed as a service and the run_user has she...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00604
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/19 6:0 p.m. | 38 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

AI score: 5.7 | EPSS: 0.00604
Exploits: 0 | References: 1

RedhatCVE
added 2018/03/08 4:49 a.m. | 33 views

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS: 10 | AI score: 4.4 | EPSS: 0.93978
Exploits: 6 | References: 1

seebug.org
added 2018/03/07 12:0 a.m. | 94 views

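Spring Data REST remote code execution (CVE-2017-8046)

Vulnerability description: Spring Data REST has a high-severity RCE vulnerability in its handling of PATCH requests. Hand-crafted JSON data can be used to build a malicious PATCH request that, when submitted to a spring-data-rest server, causes the server to run malicious Java code. The goal of the Spring Data REST project is to provide a flexible, configurable mechanism for writing simple services that can be exposed over HTTP. Git address: https://github.com/spring-projects/spring-data-rest Vulnerability source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...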

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.93978
Exploits: 6

RedhatCVE
added 2018/02/05 12:20 p.m. | 28 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS: 6.8 | AI score: 3.1 | EPSS: 0.00604
Exploits: 0 | References: 2

Veracode
added 2018/02/02 5:1 a.m. | 20 views

Symlink Privilege Escalation

spring-boot-loader-tools is vulnerable to symlink privilege escalation attacks. The runuser can overwrite and take over ownership of any file on the system by using a symlink attack. The application must be installed as a service and the runuser must have shell access in order to successfully...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00604
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/01/04 6:29 a.m. | 18 views

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.93978
Exploits: 6 | References: 4

Prion
added 2018/01/04 6:29 a.m. | 19 views

Code injection

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.93978
Exploits: 6 | References: 4 | Affected Software: 2

NVD
added 2018/01/04 6:29 a.m. | 21 views

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.93978
Exploits: 6 | References: 4