
1124 matches found

CVE
added 2021/06/29 4:15 p.m., 170 views

CVE-2021-22119

CVE-2021-22119 affects Spring Security: DoS via initiation of OAuth 2.0 Authorization Requests in Web and WebFlux clients. Affected versions include 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10, and 5.2.x before 5.2.11. Impact is denial of service (resource exhaustion) with a singl...

CVSS 7.5, AI score 7.4, EPSS 0.04895
Exploits 0, References 9, Affected software 1
RedhatCVE
added 2021/06/28 9:16 p.m., 68 views

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

CVSS 7.5, AI score 2.8, EPSS 0.04895
Exploits 0, References 3
CNNVD
added 2021/06/28 12:00 a.m., 2 views

VMware Spring Security security vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in Spring Security that allows an attacker to send multiple requests to initiate authorization requests granted by the...

CVSS 7.5, AI score 6.5, EPSS 0.04895
Exploits 0, References 15
vulnersOsv
added 2021/05/10 3:22 p.m., 0 views

cash.muro:cashid4spring (>=0.1.0-alpha <=0.1.0-alpha2), cash.muro:cashidss (=0.1.0-alpha) +710 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=5.4.0 <=5.4.3)

org.springframework.security:spring-security-web MAVEN version =5.4.0, =0.1.0-alpha, =0.1.0-alpha, =0.0.1, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.578.141 and more Source cves: CVE-2021-22112 Source...

CVSS 9, AI score 6.9, EPSS 0.00979
Exploits 0
vulnersOsv
added 2021/05/10 3:22 p.m., 1 view

br.com.damsete:logging (=0.0.2), br.com.damsete:spring-security-jwt (=0.0.1) +1422 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=5.3.0.RELEASE <=5.3.7.RELEASE)

org.springframework.security:spring-security-web MAVEN version =5.3.0.RELEASE, =1.0.1, =0.5.0.RELEASE, =0.0.1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3, =0.3, =0.3, =0.5 and more Source cves: CVE-2021-22112 Source advisory: OSV:GHSA-GQ28-H5VG-8PRX...

CVSS 9, AI score 6.9, EPSS 0.00979
Exploits 0
OSV
added 2021/05/10 3:22 p.m., 0 views

GHSA-GQ28-H5VG-8PRX Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 8.8, AI score 6.9, EPSS 0.00979
Exploits 0, References 19
Github Security Blog
added 2021/05/10 3:22 p.m., 50 views

Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 9, AI score 3, EPSS 0.00979
Exploits 0, References 19, Affected software 2
vulnersOsv
added 2021/05/10 3:22 p.m., 1 view

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.11) +4733 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.2.8.RELEASE)

org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.3, =0.3, =0.3, =0.6 and more Source cves: CVE-2021-22112 Source advisory: OSV:GHSA-GQ28-H5VG-8PRX...

CVSS 9, AI score 6.9, EPSS 0.00979
Exploits 0
Github Security Blog
added 2021/05/10 3:18 p.m., 61 views

Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

CVSS 5.3, AI score 2.4, EPSS 0.00219
Exploits 0, References 4, Affected software 1
OSV
added 2021/05/10 3:18 p.m., 17 views

GHSA-VWPG-F6GW-RJVF Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

CVSS 5.3, AI score 5.2, EPSS 0.00219
Exploits 0, References 3
OSV
added 2021/04/23 5:15 p.m., 16 views

CVE-2021-31408

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

CVSS 7.1, AI score 6.7, EPSS 0.00048
Exploits 0, References 2
Prion
added 2021/04/23 5:15 p.m., 15 views

Cross-site request forgery (CSRF)

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

CVSS 3.3, AI score 6.7, EPSS 0.00048
Exploits 0, References 2, Affected software 2
OSV
added 2021/04/22 4:11 p.m., 19 views

GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

CVSS 6.3, AI score 6.7, EPSS 0.00048
Exploits 0, References 4
Github Security Blog
added 2021/04/22 4:11 p.m., 55 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

CVSS 7.1, AI score 3.4, EPSS 0.00048
Exploits 0, References 5, Affected software 1
Vaadin
added 2021/04/20 12:00 a.m., 24 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

CVSS 7.1, AI score 0.7, EPSS 0.00048
Exploits 0, References 1, Affected software 2
NVD
added 2021/02/23 7:15 p.m., 22 views

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 9, EPSS 0.00979
Exploits 0, References 15
Prion
added 2021/02/23 7:15 p.m., 27 views

Authentication flaw

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 9, AI score 8.8, EPSS 0.00979
Exploits 0, References 15, Affected software 7
Cvelist
added 2021/02/23 6:48 p.m., 31 views

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

AI score 8.7, EPSS 0.00979
Exploits 0, References 15
CVE
added 2021/02/23 6:48 p.m., 184 views

CVE-2021-22112

CVE-2021-22112 involves Spring Security flaws that could enable privilege escalation when the SecurityContext is modified multiple times in a single request. Affected versions: Spring Security 5.4.x before 5.4.4, 5.3.x before 5.3.8.RELEASE, 5.2.x before 5.2.9.RELEASE (and older unsupported versio...

CVSS 9, AI score 8.4, EPSS 0.00979
Exploits 0, References 15, Affected software 2
NVD
added 2021/02/23 5:15 p.m., 11 views

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

CVSS 5.3, EPSS 0.00219
Exploits 0, References 1