42 matches found
DEBIAN-CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
PT-2026-30805
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...
Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)
Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-6.2.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-6.2.5.jar Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter...
Malicious code in spring-context (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6129 Malicious code in spring-context (npm)
The package communicates with a domain associated with malicious activity...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...
Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)
Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7517 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.0.0 <=6.0.23)
org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15299 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.2.0 <=6.2.6)
org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to an incomplete fix for CVE-2024-38820, where it is still possible to bypass the disallowedFields checks. Note: This vulnerability was also fixed in commercial versions 6.0.28 and 5.3.43...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15299 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.2.0 <=6.2.6)
org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2024-38820, CVE-2025-22233 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10176071...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.1.1 <=0.112.0) +8259 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.1.0 <=6.1.13)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7517 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)
org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
cn.dynamictp:dynamic-tp-example-nacos (>=1.0.8 <=1.1.2), cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.18) +75 more potentially affected by CVE-2023-39106 via com.alibaba.nacos:nacos-spring-context (>=0.1.0-RC1 <=1.1.1)
com.alibaba.nacos:nacos-spring-context MAVEN version =0.1.0-RC1, =1.0.8, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =0.1.0, =0.1.0, =0.1.10, =0.1.10, =0.1.10, =0.1.10, =2.0.0, =2.0.0, =2.0.0-beta8 - com.gitee.pulanos.pangu:pangu-framework =5.0.0 and more Source cves: CVE-2023-39106 Source advisory:...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +39177 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=1.2.1 <=5.2.20.RELEASE)
org.springframework:spring-context MAVEN version =1.2.1, =1.1, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.0.51 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...