VMware Tanzu Spring LDAP security vulnerability
VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...
Spring Eureka Detected
Spring Eureka is a service discovery and registration server. It enables microservices to dynamically discover and communicate with each other without hardcoded hostnames and ports. The scanner detected the usage of Spring Eureka on the target application. No source data...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
Extending Spring Data Repositories Just Got Easier
Since its inception, Spring Data Repositories have been designed for extension, whether you want to customize a single query method or provide a completely new base implementation. The 2024.1 release enhances your ability to extend a repository with custom functionality making it easier than ever...
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8 for Spring Boot security update.
Red Hat build of Apache Camel 4.8 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE), br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5) +723 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-core MAVEN version =6.1.0, =1.5.1.RELEASE, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.5 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +606 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.15)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +2385 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.4)
org.springframework.security:spring-security-core MAVEN version =6.3.0, =cloud-0.1, =1.3.0, =1.0.0, =1.0.0, =0.0.1, =1.0.42, =1.0.45 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +2196 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.7)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.31 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
be.jidoka:jdk-keycloak-admin (=2.0.0), br.com.devires.framework.boot:devires-framework-boot-audit (=1.1.0) +694 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.0.0 <=6.0.1)
org.springframework.security:spring-security-core MAVEN version =6.0.0, =1.1.0, =1.1.0, =0.12.0, =0.12.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 and more Source cves: CVE-2024-38827 Source advisory:...
GHSA-Q3V6-HM2V-PW99 Spring Framework has Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +9308 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=2.0.0 <=5.7.13)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.7 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
VMware Spring Security security vulnerability
VMware Spring Security is a set of security frameworks from VMware, Inc. that provide declarative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security that stems from a number of Locale-dependent exceptions in case conversion...
io.github.openfeign.querydsl:querydsl-collections (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10) +2 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=6.0.0.M1 <=6.10)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.0.0.M1, =6.10 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Buffer Overflow, Server Side Request Forgery (SSRF) and Improper Error Handling vulnerabilities. Please refer to the tabl...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004. Vulnerability Details CVEID: CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...
Locale-dependent behaviour of Java's String.toLowerCase() and String.toUpperCase() methods can be exploited to bypass authorization checks in industrial applications secured with Spring Security.
The weakness in the String.toLowerCase() and String.toUpperCase() methods, as used in industrial applications secured with Spring Security, is an improper authorization issue: these methods use the JVM's default Locale, and in some Locales (Turkish among them) the case mapping of the letter "i" differs, so a rule that normalises case before comparing can silently stop matching. Exploiting this can allow an attacker to bypass the authorization proces...
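The CVE-2024-38827 entries above all describe the same root cause: String.toLowerCase() and String.toUpperCase() with no Locale argument use the JVM default Locale, and under a Turkish Locale "I" lower-cases to the dotless "ı" (U+0131) while "i" upper-cases to the dotted "İ" (U+0130). The following is an added, self-contained Java example, not Spring Security's own code or the fix from the advisory; the path rule and role check are hypothetical, and the request path and role name are constructed inputs. It runs the same checks under en-US and tr-TR and shows the buggy variant next to the Locale.ROOT and equalsIgnoreCase variants.

```java
import java.util.Locale;

// Illustrative demonstration of CVE-2024-38827's root cause.
// The rules below are hypothetical, not Spring Security's implementation.
public class LocaleCaseBypassDemo {

    // Hypothetical rule: any request whose path starts with "/admin" is protected.
    // Bug: toLowerCase() with no argument uses Locale.getDefault().
    static boolean isAdminPathBuggy(String requestPath) {
        return requestPath.toLowerCase().startsWith("/admin");
    }

    // Fix: pass Locale.ROOT so the case mapping does not depend on the server's locale.
    static boolean isAdminPathFixed(String requestPath) {
        return requestPath.toLowerCase(Locale.ROOT).startsWith("/admin");
    }

    // Same defect in the other direction: normalising a role name with toUpperCase().
    static boolean hasAdminRoleBuggy(String grantedRole) {
        return ("ROLE_" + grantedRole.toUpperCase()).equals("ROLE_ADMIN");
    }

    static boolean hasAdminRoleFixed(String grantedRole) {
        return ("ROLE_" + grantedRole.toUpperCase(Locale.ROOT)).equals("ROLE_ADMIN");
    }

    // equalsIgnoreCase compares character by character via Character.toUpperCase /
    // Character.toLowerCase, which ignore the default Locale, so it needs no Locale at all.
    static boolean hasAdminRoleIgnoreCase(String grantedRole) {
        return "admin".equalsIgnoreCase(grantedRole);
    }

    static void run(String label, String path, String role) {
        System.out.println(label + " (default locale " + Locale.getDefault().toLanguageTag() + ")");
        System.out.println("  \"" + path + "\".toLowerCase() -> " + path.toLowerCase());
        System.out.println("  buggy path rule applies:  " + isAdminPathBuggy(path));
        System.out.println("  fixed path rule applies:  " + isAdminPathFixed(path));
        System.out.println("  \"" + role + "\".toUpperCase() -> " + role.toUpperCase());
        System.out.println("  buggy role check:         " + hasAdminRoleBuggy(role));
        System.out.println("  fixed role check:         " + hasAdminRoleFixed(role));
        System.out.println("  equalsIgnoreCase check:   " + hasAdminRoleIgnoreCase(role));
    }

    public static void main(String[] args) {
        // Constructed inputs: an upper-cased admin path and a lower-cased role name.
        String path = "/ADMIN/users";
        String role = "admin";

        Locale.setDefault(Locale.US);
        run("en-US", path, role);

        // The same JVM started on a Turkish-locale host, or with -Duser.language=tr.
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        run("tr-TR", path, role);
    }
}
```

Under en-US every variant agrees. Under tr-TR the path lower-cases to "/admın/users" and the role upper-cases to "ADMİN", so both buggy checks return false while the Locale.ROOT and equalsIgnoreCase variants still return true: the protected rule silently stops applying, which is exactly the "authorization rules not working properly" the advisory describes. The practical check for your own code base is to grep for `toLowerCase()` and `toUpperCase()` calls with no argument on any path, role, header or username that feeds an access decision, and either pass Locale.ROOT or compare with equalsIgnoreCase / regionMatches(true, ...).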