6525 matches found

Spring Engineering
added 2025/06/05 12:0 a.m., 6 views

A Bootiful Podcast: IntelliJ IDEA lead Aleksey Stukalov

Hi, Spring fans! In this installment I talk to IntelliJ IDEA lead Aleksey Stukalov...

AI score 7.2
Exploits: 0

vulnersOsv
added 2025/06/04 6:30 p.m., 2 views

com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +59 more potentially affected by CVE-2025-2336 via org.webjars.bower:angular-sanitize (>=1.2.29 <=1.8.2)

org.webjars.bower:angular-sanitize MAVEN version =1.2.29, =0.1.5, =0.5.0, =0.5.0, =0.5.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.1 and more Source cves: CVE-2025-2336 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-10337226...

CVSS 4.8, AI score 7, EPSS 0.00198
Exploits: 0

Veracode
added 2025/06/03 4:51 a.m., 5 views

Spoofing Attack

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...

CVSS 8.6, AI score 6.6, EPSS 0.00394
Exploits: 0, References: 3, Affected Software: 2

CNNVD
added 2025/06/03 12:0 a.m., 2 views

shiyi-blog authorization issue vulnerability

shiyi-blog is a Vue + Spring Boot blog system with a separated front end and back end, by the individual developer bule. An authorization issue vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from improper authentication...

CVSS 9.8, AI score 7.4, EPSS 0.00803
Exploits: 1, References: 6

CNNVD
added 2025/06/03 12:0 a.m., 4 views

web-flash security vulnerability

web-flash is an open source web system based on Spring Boot and Vue.js by enilu. A security vulnerability exists in web-flash version 1.0, which originates from a cross-site scripting attack due to a misuse of the parameter File...

CVSS 6.1, AI score 4.4, EPSS 0.00117
Exploits: 1, References: 5

Spring Engineering
added 2025/06/03 12:0 a.m., 5 views

This Week in Spring - June 3rd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I just finished recording my session with IntelliJ IDEA project lead Aleksey Stukalov about all the amazing features coming to IntelliJ IDEA to better support Java, Kotlin, and Spring developers. It went off without a hitch...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

RedhatCVE
added 2025/06/01 6:35 a.m., 2 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6, AI score 6.9, EPSS 0.00394
Exploits: 0, References: 1

Snyk
added 2025/05/30 6:43 a.m., 1 view

Unintended Proxy or Intermediary ('Confused Deputy')

Overview: Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...

CVSS 8.6, AI score 6.9, EPSS 0.00394
Exploits: 0, References: 2

vulnersOsv
added 2025/05/30 6:43 a.m., 6 views

cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE), cn.bctools:jvs-gateway (=1.1.0) +59 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=3.0.0 <=3.1.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =3.0.0, =1.0.0.RELEASE, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.0.0.Beta9, =1.1.0, =0.3.3, =1.1.1, =1.0.1, =1.0.4, =1.0.5 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m., 6 views

org.springframework.cloud:spring-cloud-gateway-docs (>=4.1.3 <=4.1.7), org.springframework.cloud:spring-cloud-starter-gateway-mvc (>=4.1.0 <=4.1.7) potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.0, =4.1.3, =4.1.0, =4.1.7 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m., 6 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +81 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =1.3.0, =0.9.0, =0.12.8 and more Source cves: CVE-2025-41235 Source advisory:...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m., 4 views

com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:spring-cloud-gateway-docs (>=4.2.1 <=4.2.2) +1 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.2.0, =0.2.0, =4.2.1, =4.2.0, =4.2.2 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m., 3 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m., 4 views

com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:httpclient (=4.1.9) +2 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.7 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.7, =0.2.0, =4.1.7, =4.1.7, =4.2.2 Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m., 2 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +63 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.1.0, =0.2.0, =1.0.0, =1.0.0, =2024.1.0.0, =15.0-RELEASE, =1.1.0, =4.2.3, =1.3.0, =0.10.2, =1.5.1, =1.6.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m., 4 views

cn.iosd:simple-starter-gateway (>=2023.4.1.0 <=2023.5.2.0), com.astercasc:aster-yuno-index-gateway (>=1.0.0 <=1.0.19) +44 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.0.9)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =2023.4.1.0, =1.0.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.10-2022.0.x and more Source cves: CVE-2025-412...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m., 5 views

cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +98 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m., 5 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6, AI score 7.2, EPSS 0.00394
Exploits: 0

Github Security Blog
added 2025/05/30 6:30 a.m., 12 views

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6, AI score 7.1, EPSS 0.00394
Exploits: 0, References: 3, Affected Software: 2

NVD
added 2025/05/30 6:15 a.m., 9 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6, EPSS 0.00394
Exploits: 0, References: 1