
6525 matches found

Atlassian
added 2025/03/12 3:10 a.m., 28 views

Path Traversal (Arbitrary Read/Write) org.springframework:spring-webmvc Dependency in Jira Service Management Data Center and Server

This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in version 5.12.0 of Jira Service Management Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.5 | EPSS 0.93306
Exploits 5
Spring Engineering
added 2025/03/11 12:00 a.m., 7 views

This Week in Spring - March 11th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a busy week as always, fresh off the rush that was Devnexus and busily preparing for the fun that is JavaOne! It's going to be epic! Want to learn about dependency injection, auto-configuration, Spring Framework, Spring...

AI score 7.3
Exploits 0
Spring Engineering
added 2025/03/10 12:00 a.m., 10 views

Null Safety in Spring applications with JSpecify and NullAway

The initial introduction of null safety support in Spring dates back to 2017 and the release of Spring Framework 5.0. In 2025, we are evolving that story to bring more added value for Spring developers, whether in Java or Kotlin. But before taking a deeper look at the changes we are working on...

AI score 7.2
Exploits 0
vulnersOsv
added 2025/03/09 12:43 p.m., 5 views

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more. Source CVEs: CVE-2025-27636. Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...

CVSS 5.6 | AI score 7 | EPSS 0.5206
Exploits 3
Gitee
added 2025/03/07 2:11 p.m., 105 views

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept (PoC). This is a proof of concept for the CVE-2024-38819 vulnerability, which I reported, demonstrating a path traversal exploit. Execution Steps: 1. Build the Docker image (Spring Boot 3.3.4, based on Spring Framework 6.1.13): cd vuln; docker build -t cve-2024-38819-poc...

CVSS 7.5 | AI score 7.6 | EPSS 0.93306
Exploits 5
CNNVD
added 2025/03/07 12:00 a.m., 3 views

starsea-mall Security Vulnerability

starsea-mall is a Spring Boot + Thymeleaf based Xiaomi mall management system by the individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, stemming from improper handling of the userId parameter, which may lead to improper access control...

CVSS 5.5 | AI score 5.4 | EPSS 0.00128
Exploits 1 | References 6
Tenable Nessus
added 2025/03/05 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-20883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service...

CVSS 7.5 | AI score 7.4 | EPSS 0.0069
Exploits 0 | References 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 17 views

Linux Distros Unpatched Vulnerability : CVE-2024-38816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...

CVSS 7.5 | AI score 6.9 | EPSS 0.9389
Exploits 1 | References 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-38828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. CVE-2024-38828 Note that Nessus relies on the presence ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00076
Exploits 0 | References 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2024-38808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language...

CVSS 4.3 | AI score 6.8 | EPSS 0.00809
Exploits 0 | References 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-38819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...

CVSS 7.5 | AI score 6.7 | EPSS 0.93306
Exploits 5 | References 3
Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2013-6429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which...

CVSS 6.8 | AI score 7.3 | EPSS 0.67951
Exploits 2 | References 1
Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-8039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

CVSS 5.9 | AI score 6.9 | EPSS 0.75359
Exploits 1 | References 1
Tenable Nessus
added 2025/03/04 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2014-0225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by...

CVSS 8.8 | AI score 6.9 | EPSS 0.00236
Exploits 0 | References 1
Spring Engineering
added 2025/03/04 12:00 a.m., 7 views

Spring gRPC 0.4.0 for great good!

NB: you can find the working code for this blog here. There's a new release of the amazing, if experimental, Spring gRPC project: version 0.4.0. I won't get into the nitty-gritty of all that's new, but I just wanted to highlight how elated I am to use it and walk you through the step-by-step path t...

AI score 7.4
Exploits 0
Spring Engineering
added 2025/03/04 12:00 a.m., 11 views

This Week in Spring - March 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring, and Happy Devnexus 2025 to those who celebrate! That's right, sports fans, I'm off to awesome Atlanta, Georgia later today for Devnexus, one of the world's largest annual gatherings of Java community and luminaries alike. I'l...

AI score 7.1
Exploits 0
Tenable Nessus
added 2025/03/04 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-4971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

CVSS 5.9 | AI score 6.7 | EPSS 0.75359
Exploits 1 | References 1
IBM Security Bulletins
added 2025/03/03 1:29 p.m., 14 views

Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services (CVE-2023-20863)

Summary: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services (CVE-2023-20863). Vulnerability Details: CVEID: CVE-2023-20863. DESCRIPTION: In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially...

CVSS 6.5 | AI score 6.1 | EPSS 0.01066
Exploits 0 | Affected Software 1
VulnCheck KEV
added 2025/03/03 12:00 a.m., 0 views

VulnCheck KEV: CVE-2022-43769

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

CVSS 8.8 | AI score 7.4 | EPSS 0.93976
Exploits 6 | References 1
CNNVD
added 2025/03/02 12:00 a.m., 1 views

Mini-Tmall Cross-Site Scripting Vulnerability

Mini-Tmall is an open source, Spring Boot based B2C e-commerce platform, used to build an e-commerce site that provides commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...

CVSS 5.4 | AI score 4 | EPSS 0.00082
Exploits 1 | References 6