6598 matches found
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SpEL) expression may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, an application has to evaluate user-supplied SpEL expressions...
This Week in Spring - November 5th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...
Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.
Summary: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a deni...
Exploit for Code Injection in Vmware Spring_Framework
Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...
The vulnerability of the functional web framework WebFlux.fn within the Spring Framework allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn in the Spring Framework is due to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
IceCMS File Upload Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation. A file upload vulnerability exists in IceCMS 3.4.7 and earlier versions, which stems from the lack of validation of uploaded files in the uploadFile method of FileUtils.java. An attacker can use...
K000148349: Spring framework vulnerability CVE-2024-38819
Security Advisory Description: The CVE record for the CVE ID does not exist. CVE-2024-38819. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...
Exploit for CVE-2024-38821
cve-2024-38821 Analysis: h...
Authorization Bypass
org.springframework.security, spring-security-web is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in Spring Security’s handling of authorization rules for static resources in WebFlux applications, which allows these rules to be bypassed under specific conditions...
The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn of the Spring Framework allows an attacker to gain access to any file in the file system.
The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn of the Spring Framework is related to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability could allow an attacker to access any file in the file system...
The vulnerability of the Spring Framework software platform, related to resource release errors, allows attackers to trigger service failures.
The vulnerability of the Spring Framework software platform is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures...
This Week in Spring - October 29th, 2024
Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...
CVE-2024-38821
An authorization bypass vulnerability was found in Spring WebFlux applications, impacting static resources under specific conditions. If an application uses Spring's static resources support with restricted non-permitAll authorization rules, unauthorized access to these resources may be possible...
city.smartb.i2:i2-spring-boot-starter-auth (=0.12.0), city.smartb.i2:i2-spring-boot-starter-auth-keycloak (=0.12.0) +328 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.0.0 <=6.0.1)
org.springframework.security:spring-security-web MAVEN version =6.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.0, =2023.0.0.0, =1.0.1-RELEASE, =1.1.1-RELEASE, =2.0.5-RELEASE, =2.4.0-RELEASE and more Source cves: CVE-2024-38821 Source advisory:...
africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7358 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.12)
org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...