6598 matches found

IBM Security Bulletins
added 2024/11/27 2:26 p.m. · 31 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Buffer Overflow, Server Side Request Forgery (SSRF) and Improper Error Handling vulnerabilities. Please refer to the tabl...

CVSS 8.8 · AI score 10 · EPSS 0.23757
Exploits 5 · Affected Software 1

IBM Security Bulletins
added 2024/11/26 9:40 a.m. · 56 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004. Vulnerability Details: CVEID: CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

CVSS 9.8 · AI score 9.1 · EPSS 0.93306
Exploits 15 · Affected Software 1

BDU FSTEC
added 2024/11/26 12:0 a.m. · 1 view

The vulnerabilities of the String.toLowerCase() and String.toUpperCase() methods in the Java framework allow for security breaches in industrial applications, as they are exploited by attackers to bypass authentication processes.

The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Java framework, which is used for securing industrial applications with Spring Security, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass the authentication proces...

CVSS 4.8 · EPSS 0.00399
Exploits 0 · References 3 · Affected Software 1

Spring Engineering
added 2024/11/26 12:0 a.m. · 10 views

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

AI score 6.8
Exploits 0

Spring Engineering
added 2024/11/26 12:0 a.m. · 9 views

This Week in Spring - November 26th, 2024

This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

AI score 7.1
Exploits 0

Spring Engineering
added 2024/11/25 12:0 a.m. · 10 views

Bootiful Spring Boot 3.4: Start Here

Hi, Spring fans! And happy Spring Boot 3.4 release to those who celebrate! I know, I know what you're thinking: Josh, Spring Boot 3.4 already shipped! I know it. Spring Boot 3.4 dropped a week earlier this year! In the last couple of years, we’ve released Spring Boot on the same day as Thanksgivi...

AI score 7.2
Exploits 0

Positive Technologies
added 2024/11/25 12:0 a.m. · 2 views

PT-2024-41081 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework affected versions not specified Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...

CVSS 7.8 · AI score 7
Exploits 0 · References 2

Spring Engineering
added 2024/11/24 12:0 a.m. · 10 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Spring developer feel right at home, and it has a ton of integrations with all manner of different vector...

AI score 7.1
Exploits 0

Spring Engineering
added 2024/11/24 12:0 a.m. · 11 views

Bootiful Spring Boot 3.4: Spring Batch

The new release of Spring Batch 5.2 has a ton of features! Spring Batch is a compelling way to handle large but finite sequential data access. Think: reading from an SQL database and writing to a CSV, or reading from an FTP server and writing out an analysis of a MongoDB - batch processing. You...

AI score 7.8
Exploits 0

GithubExploit
added 2024/11/22 1:53 p.m. · 379 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

CVE-2024-37084 Vulnerability Exploitation Example PoC CVE-2...

CVSS 9.8 · AI score 6.7 · EPSS 0.83304
Exploits 4

IBM Security Bulletins
added 2024/11/22 4:4 a.m. · 32 views

Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services [CVE-2016-1000027]

Summary: There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM SPSS Collaboration and Deployment Services. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027...

CVSS 9.8 · AI score 8.1 · EPSS 0.60417
Exploits 4 · Affected Software 1

Spring Engineering
added 2024/11/22 12:0 a.m. · 15 views

What's new in Spring Modulith 1.3?

After half a year of development, Spring Modulith 1.3 GA has been released. It is packed with new features, improvements, and – best of all – community contributions. Let me walk you through some of the most interesting ones. Baseline Upgrades As usual, a new minor version of Spring Modulith...

AI score 7.5
Exploits 0

Veracode
added 2024/11/21 8:55 a.m. · 7 views

Denial Of Service (DoS)

org.springframework, spring-webmvc is vulnerable to Denial of Service (DoS). The vulnerability is caused by inefficient handling of large request bodies in controller methods with an @RequestBody byte parameter, which allows an attacker to cause resource exhaustion...

CVSS 5.3 · AI score 6.5 · EPSS 0.00076
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2024/11/21 8:50 a.m. · 11 views

Case Insensitive Input Validation

org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...

CVSS 5.3 · AI score 5.5 · EPSS 0.01514
Exploits 1 · References 6 · Affected Software 2

RedhatCVE
added 2024/11/20 2:21 p.m. · 19 views

CVE-2024-38819

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...

CVSS 7.5 · AI score 6.4 · EPSS 0.93306
Exploits 5 · References 3

Tenable Nessus
added 2024/11/20 12:0 a.m. · 10 views

Spring Framework 5.3.x < 5.3.42 DoS (CVE-2024-38828)

The remote host contains a Spring Framework version that is affected by a denial of service vulnerability where Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack. Note that Nessus has not tested for this issue but has instead relied only on th...

CVSS 5.3 · AI score 6.7 · EPSS 0.00076
Exploits 0 · References 2

GithubExploit
added 2024/11/19 9:36 p.m. · 468 views

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

CVSS 5.3 · AI score 6.8 · EPSS 0.00164
Exploits 1

GithubExploit
added 2024/11/19 8:8 p.m. · 397 views

Exploit for CVE-2024-22262

Spring CVE-2024-22262 Proof of Concept This repo contains...

CVSS 8.1 · AI score 5.9 · EPSS 0.12634
Exploits 2

F5 Networks
added 2024/11/19 2:50 a.m. · 22 views

K000148606: Spring vulnerability CVE-2021-22119

Security Advisory Description: Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. ...

CVSS 7.5 · AI score 6.3 · EPSS 0.04895
Exploits 0

Spring Engineering
added 2024/11/19 12:0 a.m. · 7 views

Why Spring AI: The Seamless Path to Generative AI

Why Spring AI: The Seamless Path for Spring Developers to the World of Generative AI Intro As a Java developer exploring the world of generative AI, you’re probably aware of several frameworks that promise to make AI integration easy. I believe Spring AI stands out as the natural choice, especial...

AI score 6.7
Exploits 0