Security Restriction Bypass
spring-boot-actuator is vulnerable to security restriction bypass. Lack of secure handling of HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping causes the exposure of those resources and request mapping, leading to...
CVE-2021-22047
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
CVE-2021-22047
CVE-2021-22047 affects Spring Data REST: HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are exposed under URIs that may be accessible without authorization, depending on Spring Security configuration. Impact is describe...
VMware Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide declarative security protections for Spring-based applications. A security vulnerability exists in Spring Data REST that stems from the additional exposure of HTTP resources under the URI for custom controller...
in alovoa/alovoa
✍️ Description Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. 🕵️‍♂️ Proof of Concept org.springframework.security spring-security-oauth2-client...
br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) +481 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.3 - com.c4-soft.springaddons:spring-security-oauth2-addons =1.0.0 -...
com.c4-soft.springaddons:spring-security-test-oauth2-addons (=1.0.0), com.epam.reportportal:service-authorization (=5.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.2.0.RELEASE)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...
cc.vihackerframework:vihacker-auth-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-common-starter (>=1.0.4.R <=1.0.6.R) +605 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.5.0)
org.springframework.security:spring-security-core MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - cc.vihackerframework:vihacker-auth-starter =1.0.4.R, =1.0.4....
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) +114 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.4.0, =3.3.0, =2.4.1, =1.12, =1.18.1, =1.12, =1.12, =1.12, =1.12.1, =0.1.0-beta.6, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (=3.6.0), com.okta.idx.sdk:okta-idx-java-embedded-sign-in-widget (>=0.1.0-beta.8 <=1.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.5.0)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...
GHSA-W9JG-GVGR-354M Resource Exhaustion in Spring Security
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
ai.ylyue:yue-library-auth-client (>=j8.2.4.0 <=j11.2.4.0), ai.ylyue:yue-library-auth-service (>=j8.2.4.0 <=j11.2.4.0) +1434 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-core MAVEN version =5.4.0, =j8.2.4.0, =j8.2.4.0, =0.1.0-alpha, =0.1.0-alpha, =2.0.3, =2.0.3, =2.0.3, =1.0.0, =0.0.1, =8.1.0.371, =8.1.0.304, =8.1.0.578.141 and more Source cves: CVE-2021-22119 Source advisory: OSV:GHSA-W9JG-GVGR-354M...
Resource Exhaustion in Spring Security
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
com.buession.cas:buession-cas-core (>=1.1.1 <=1.1.2), com.buession.cas:buession-cas-metrics (>=1.1.1 <=1.1.2) +65 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.3.0.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.buession.cas:buession-cas-core =1.1.1, =1.1.1,...
CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
Authorization
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...