This Week in Spring - July 22nd, 2025
Hi, Spring fans! It's almost SpringOne time!! AAAAH it's all moving so quickly! I can hardly stand it. SpringOne's next month, in lovely Las Vegas, and I'll be there. Will you? Have you registered? We'll be looking at the impending Spring Boot 4.0 and Spring Framework 7.0 releases! It's going to ...
Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass IP restrictions on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web.xml file. The issue results from an incomplete...
A Bootiful Podcast: Spring legends Tasha Isenberg and Jason Konicki
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
This Week in Spring - July 15th, 2025
Hi, Spring fans! It's already the 15th of July! We're closer to 2026 than we are to 2024. And time's sure flying. Like I will, tomorrow. I'll be flying to Denver for the amazing UBERCONF software show! I'll be doing a workshop and two talks, and if you're there, I hope you'll come say "hi"! Let's...
SpringBoot_MyBatisPlus Path Traversal Vulnerability
SpringBootMyBatisPlus is a SpringBoot integration with MyBatisPlus by Siwei Zhou, an individual developer. A path traversal vulnerability exists in SpringBootMyBatisPlus, which stems from path traversal due to incorrect manipulation of the parameter Name in file/file/download...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webmvc-5.3.27.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webmvc-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack. CWE:CWE-400: Uncontrolled Resource...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in...
A Bootiful Podcast: API oracle Arjen Poutsma
Hi, Spring fans! In this edition, I had the pleasure of chatting with the brilliant Arjen Poutsma, our go-to API oracle. If you’re curious about his fantastic insights, thoughts, and consultancy services, be sure to check out poutsma-principles.com...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application that is vulnerable to a reflected file download (RFD) attack.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application that is vulnerable to a reflected file download (RFD) attack. The filename is derived from user-supplied input but sanitized by the application. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION:...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-web-5.8.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-web-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstance...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted...
Sensitive Information Exposure
io.zipkin, zipkin-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to the presence of an unprotected /heapdump endpoint associated with Spring Boot Actuator, which allows an attacker to retrieve memory dumps and potentially extract sensitive data. Note: There is a...
This Week in Spring - July 8th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I write this having spent a wonderful week in paradise (Bora Bora, French Polynesia, to be precise) with my partner Tam Mie. We were so very sad to have to say goodbye. But that means I'm officially back at my desk, with nary a...