spring-expression: Denial of service via specially crafted SpEL expression

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

spring-expression: Denial of service via specially crafted SpEL expression

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

Springcve-2022-22980 spring data mongodb remote code executio...

spring-expression: Denial of service via specially crafted SpEL expression

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

Spring Data MongoDB 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Data MongoDB that stems from vulnerability to SpEL injection when using @Query or...

BSA-2022-1768

Security Advisory ID : BSA-2022-1768 Component : Spring Cloud Revision : 1.0 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

DEBIAN-CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially created SpEL expression...

The vulnerability of the Spring module routing mechanism, which facilitates business logic through Spring Cloud Function services, allows attackers to gain unauthorized access to local resources or cause service failures.

The vulnerability of the Spring module routing mechanism for promoting business logic using Spring Cloud Function is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to...

PT-2022-2029

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions Description The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...

The vulnerability of the Apache ShenYu software lies in its incorrect code generation management, allowing attackers to execute arbitrary code.

The vulnerability of the Apache ShenYu software is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using Groovy Code injection or SpEL injection...

GHSA-GH38-X2WM-XMC8 Code injection in ShenYu

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

Apache ShenYu 代码注入漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

VMware Spring Cloud Netflix 代码注入漏洞

Vmware VMware Spring Cloud Netflix is a service from Vmware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

Netflix Spinnaker Code Issue Vulnerability

Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...