6525 matches found
com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)
org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Spring Framework [CVE-2024-38809]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Spring Framework, caused by improper input validation CVE-2024-38809. Spring Framework is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in Spring Framework [CVE-2024-38820]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security weakness in Spring Framework, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive CVE-2024-38820. Spring Framework is used by our Speech Microservices. This vulnerability has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Spring Security [CVE-2024-38827]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Spring Security, caused by a locale dependent exceptions issue in the usage of String.toLowerCase and String.toUpperCase functions CVE-2024-38827. VMware Tanzu Spring Security is used by our Speech...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework [CVE-2024-38819]
Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework, caused by improper validation of user request by the functional web frameworks WebMvc.fn or WebFlux.fn CVE-2024-38819. Spring Framework is used by our Speech Microservices. This vulnerability...
Security Bulletin: Vulnerability in Spring WebFlux affects watsonx.data
Summary Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security...
Security Bulletin: Vulnerabilities in VMware Tanzu Spring Framework affect watsonx.data
Summary VMware Tanzu Spring Framework is vulnerable to denial of service attacks and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...
This Week in Spring - February 25th, 2025
Hi, Spring fans, and welcome to another rip-roarin' installment of This Week in Spring! Later today I'll board a plane for magnificent Montreal, Canada for the amazing Confoo conference! I'm super excited! Good news everybody! Spring Boot 3.5.0-M2 is now available! In last week's installment of t...
VulnCheck KEV: CVE-2020-5412
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...
A Bootiful Podcast: BellSoft's Catherine Edelveis
Hi, Spring and JDK fans! In this week's episode I talk to BellSoft developer advocate Catherine Edelveis java springboot jre jdk graalvm CRaC...
This Week in Spring - February 18th, 2025
Hi, Spring fans! It's the week of February 18th, 2025, and you know what that means? ConFoo and Devnexus are nearly here! Next week, I'll be traveling to amazing Montreal, Canada, to speak at the ConFoo show for an amazing community, poutine, and technology! Then, a few days later, it's off to...
Path Traversal (Arbitrary Read/Write) org.springframework:spring-webmvc Dependency in Jira Software Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 9.12.0 Jira Software Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
A Bootiful Podcast: Spring Boot and Spring Initializr legend Moritz Halbritter
Hi, Spring fans! In this installment I talk to Spring Boot and Spring Initializr legend Moritz Halbritter...
A Bootiful Podcast: Spring Legend Glenn Renfro on Devnexus 2025, Cold brews, and More
Hi, Spring fans! In today's installment, I talk to Spring legend Glenn Renfro...
This Week in Spring - February 11th, 2025
Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +24632 more potentially affected by CVE-2025-25193 via io.netty:netty-common (>=4.0.0.Alpha1 <=4.1.117.Final)
io.netty:netty-common MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
Security Bulletin: Vulnerability in Spring Core affect watsonx.data
Summary Spring Core is vulnerable to security restriction bypass attacks, to denial of service attacks, and to arbitrary code execution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-1199 DESCRIPTION: Pivotal Spring Security and Spring Framework could allow a remot...
Security Bulletin: Vulnerability in Pivotal Spring Framework affects watsonx.data
Summary Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Vulnerabilities in Spring Web affect watsonx.data
Summary Spring Web is vulnerable to open redirect attacks, to phishing attacks, to denial of service attacks, to elevation of privilege attacks, to reflected file download attacks, to security restrictions bypass attacks, to arbitrary code execution attacks, and to security restrictions bypass...
Security Bulletin: Multiple vulnerabilities in spring packaged with CMIS affect IBM Business Automation Workflow - CVE-2024-22262, CVE-2024-38809
Summary IBM Business Automation Workflow is vulnerable; it repackages a FileNet Content Manager's CMIS interface, which in turn repackages parts of a version of the Spring framework. Vulnerabilities have been reported for Spring. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...