Linux Distros Unpatched Vulnerability : CVE-2023-22602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication...

Linux Distros Unpatched Vulnerability : CVE-2025-22233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, ther...

Linux Distros Unpatched Vulnerability : CVE-2024-38807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be...

Linux Distros Unpatched Vulnerability : CVE-2018-1199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3...

This Week in Spring - August 26th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...

Linux Distros Unpatched Vulnerability : CVE-2016-5007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping...

my-site 安全漏洞

my-site is WinterChenS individual developer's personal website based on springboot2.0 development, integrated: personal home page, personal blog, personal works. A security vulnerability exists in version 1.0.2.RELEASE of my-site, which stems from improper access control of the doFilter function...

Linux Distros Unpatched Vulnerability : CVE-2022-22965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...

Linux Distros Unpatched Vulnerability : CVE-2021-22096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the...

A Bootiful Podcast: Andrey Belyaev, product manager for IntelliJ IDEA

Hi, Spring fans! In this installment, we talk to Andrey Belyaev, a Product Manager at JetBrains working on the IntelliJ IDEA product, about the latest-and-greatest support for Spring in Jetbrains IntelliJ IDEA!...

Linux Distros Unpatched Vulnerability : CVE-2022-22968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitiv...

Linux Distros Unpatched Vulnerability : CVE-2024-22258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for...

Linux Distros Unpatched Vulnerability : CVE-2023-34053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS...

Linux Distros Unpatched Vulnerability : CVE-2018-1257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSock...

Spring Framework 5.3.x < 5.3.44 / 6.1.x < 6.1.22 / 6.2.x < 6.2.10 Path Traversal (CVE-2025-41242)

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.44, 6.1.x prior to 6.1.22, or 6.2.x prior to 6.2.810. It is, therefore, affected by a path traversal vulnerability: - Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +306 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +304 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: SNYK:JAVA-ORGAPACHETIKA-12238980...

my-site 安全漏洞

my-site is WinterChenS individual developer's personal website based on springboot2.0 development, integrated: personal home page, personal blog, personal works. A security vulnerability exists in my-site v1.0.2, which stems from improper access control of the preHandle function in the...

Linux Distros Unpatched Vulnerability : CVE-2022-22976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the...

Linux Distros Unpatched Vulnerability : CVE-2023-20861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide...