OSV
added 2024/07/12 4:15 p.m., 2 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

CVSS 9.8, AI score 5.8
Exploits 0, References 1
CNNVD
added 2024/07/12 12:00 a.m., 4 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

CVSS 9.8, AI score 8, EPSS 0.00052
Exploits 1, References 2
CNNVD
added 2024/07/12 12:00 a.m., 3 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

CVSS 9.8, AI score 8, EPSS 0.00052
Exploits 1, References 2
CNNVD
added 2024/07/12 12:00 a.m., 2 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

CVSS 9.8, AI score 8, EPSS 0.00053
Exploits 1, References 2
OSV
added 2024/07/11 3:15 p.m., 3 views

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 9.8, AI score 5.6
Exploits 0, References 3
Positive Technologies
added 2024/07/11 12:00 a.m., 4 views

PT-2024-37797 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04. Description: A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may b...

CVSS 6.5, AI score 7.2, EPSS 0.0003
Exploits 0, References 7
CNNVD
added 2024/07/11 12:00 a.m., 2 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in file /api/role, where...

CVSS 9.8, AI score 7.9, EPSS 0.00041
Exploits 0, References 4
Spring Engineering
added 2024/07/03 12:00 a.m., 8 views

This Week in Spring - July 2nd, 2024

Hi, Spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring I/O, I talked with Spring Security legend Laur Spilca. In last week's installment of Spring Tips, I looked at a number of ways you cou...

AI score 7.1
Exploits 0
Spring Engineering
added 2024/06/28 12:00 a.m., 11 views

A Bootiful Podcast: Spring Security community legend Laur Spilca

Hi, Spring fans! In this installment I talk to Spring Security community legend Laur Spilca, live from the Spring I/O show in beautiful Barcelona!...

AI score 7.1
Exploits 0
Tenable Nessus
added 2024/06/27 12:00 a.m., 27 views

Atlassian Confluence 1.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95840)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95840 advisory. - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions...

CVSS 8.2, AI score 6.7, EPSS 0.00264
Exploits 0, References 2
Spring Engineering
added 2024/06/18 12:00 a.m., 12 views

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...

AI score 7.3
Exploits 0
RedHat Linux
added 2024/06/06 4:42 p.m., 2 views

spring-security: Broken Access Control With Direct Use of AuthenticatedVoter

A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter...

CVSS 8.2, AI score 7, EPSS 0.00264
Exploits 0, References 5
RedHat Linux
added 2024/06/03 11:52 a.m., 1 view

spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direct...

CVSS 7.4, AI score 5.7, EPSS 0.01656
Exploits 0, References 5
RedHat Linux
added 2024/06/03 11:52 a.m., 62 views

Important: Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

CVSS 9.8, AI score 7.2, EPSS 0.01656
Exploits 4, References 6
Tenable Nessus
added 2024/05/27 12:00 a.m., 27 views

Atlassian Jira Service Management Data Center and Server < 5.4.20 / 5.5.x < 5.12.7 / 5.13.x < 5.15.2 Broken Access Control (JSDSERVER-15307)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15307 advisory. - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to...

CVSS 8.2, AI score 6.7, EPSS 0.00264
Exploits 0, References 2
RedHat Linux
added 2024/05/23 10:45 p.m., 1 view

spring-security: Broken Access Control With Direct Use of AuthenticatedVoter

A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter...

CVSS 8.2, AI score 7, EPSS 0.00264
Exploits 0, References 5
GithubExploit
added 2024/05/17 7:26 a.m., 447 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978-demo: Example code for the CVE-2022-22978 vuln...

CVSS 9.8, AI score 6.8, EPSS 0.90224
Exploits 6
Atlassian
added 2024/05/16 5:11 a.m., 40 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Confluence Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

CVSS 8.2, AI score 6.6, EPSS 0.00264
Exploits 0
IBM Security Bulletins
added 2024/05/07 7:54 p.m., 55 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2021-28170. DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

CVSS 7.3, AI score 7.4, EPSS 0.33816
Exploits 3, Affected Software 1
Spring Engineering
added 2024/04/30 12:00 a.m., 18 views

This Week in Spring - April 30th, 2024

Welcome to yet another amazing installment of This Week in Spring! As usual, we've got a ton of stuff to get into, so let's dive right into it! Chris Bono announces the new versions of Spring Functions Catalog and Spring Cloud Stream Applications. In last week's installment of A Bootiful Podcast,...

AI score 7.5
Exploits 0