
6598 matches found

vulnersOsv
added 2024/09/24 6:34 p.m. | 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36892 more potentially affected by CVE-2024-38809 via org.springframework:spring-web (>=1.2.1 <=5.3.37)

org.springframework:spring-web (MAVEN) version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more. Source CVEs: CVE-2024-38809. Source advisory: OSV:GHSA-2RMJ-MQ67-H97G...

5.3 CVSS | 6.7 AI score | 0.0014 EPSS
Exploits 0
OSV
added 2024/09/24 6:34 p.m. | 1 views

GHSA-2RMJ-MQ67-H97G Spring Framework DoS via conditional HTTP request

Description: Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack. Affected Spring Products and Versions: org.springframework:spring-web in versions 6.1.0 through 6.1.11, 6.0.0 through 6.0.22, 5.3.0 through 5.3.37. Older, unsupported versions are al...

5.3 CVSS | 6.8 AI score | 0.0014 EPSS
Exploits 0 | References 7
vulnersOsv
added 2024/09/24 6:34 p.m. | 6 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.70.0 <=0.74.0), ai.ancf.lmos:arc-runner (=0.73.0) +3473 more potentially affected by CVE-2024-38809 via org.springframework:spring-web (>=6.1.0 <=6.1.11)

org.springframework:spring-web (MAVEN) version =6.1.0, =0.70.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.8.7 and more. Source CVEs: CVE-2024-38809. Source advisory: OSV:GHSA-2RMJ-MQ67-H97G...

5.3 CVSS | 6.7 AI score | 0.0014 EPSS
Exploits 0
Github Security Blog
added 2024/09/24 6:34 p.m. | 54 views

Spring Framework DoS via conditional HTTP request

Description: Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack. Affected Spring Products and Versions: org.springframework:spring-web in versions 6.1.0 through 6.1.11, 6.0.0 through 6.0.22, 5.3.0 through 5.3.37. Older, unsupported versions are al...

5.3 CVSS | 6.7 AI score | 0.0014 EPSS
Exploits 0 | References 7 | Affected Software 1
CNNVD
added 2024/09/24 12:0 a.m. | 1 views

VMware Spring Framework Security Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from vulnerability to denial-of-service attacks when parsing ETags...

5.3 CVSS | 6.6 AI score | 0.0014 EPSS
Exploits 0 | References 6
OpenVAS
added 2024/09/24 12:0 a.m. | 30 views

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

7.5 CVSS | 7.5 AI score | 0.9389 EPSS
Exploits 1 | References 3
OpenVAS
added 2024/09/24 12:0 a.m. | 14 views

VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Linux

VMware Spring Boot is prone to a signature forgery vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

6.3 CVSS | 9 AI score | 0.00036 EPSS
Exploits 0 | References 2
Spring Engineering
added 2024/09/24 12:0 a.m. | 4 views

This Week in Spring - September 24th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in delightful Dallas, TX, at the amazing JConf.dev show. Then I'm off to Germany, and then back home to do some laundry before heading out to Denver, CO, for the amazing Dev2Next show, before then heading out to Belgium f...

7.4 AI score
Exploits 0
OpenVAS
added 2024/09/24 12:0 a.m. | 68 views

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Windows

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

7.5 CVSS | 7.5 AI score | 0.9389 EPSS
Exploits 1 | References 3
OpenVAS
added 2024/09/24 12:0 a.m. | 21 views

VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Windows

VMware Spring Boot is prone to a signature forgery vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

6.3 CVSS | 9 AI score | 0.00036 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2024/09/23 12:0 a.m. | 0 views

The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn of the Spring Framework arises from incorrect path name restrictions for restricted directories. This allows attackers to gain access to any file in the file system.

The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn of the Spring Framework is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to any file in t...

7.8 CVSS | 0.9389 EPSS
Exploits 1 | References 3 | Affected Software 1
RedHat Linux
added 2024/09/19 4:46 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.

Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

9.1 CVSS | 6.7 AI score | 0.10699 EPSS
Exploits 0 | References 7
vulnersOsv
added 2024/09/19 4:6 p.m. | 5 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +33675 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.25.4)

com.google.protobuf:protobuf-java (MAVEN) version =2.0.3, =0.1.1, =0.1.1, =0.1.1, =1.4.6, =1.0.0, =0.0.23, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.2.8 and more. Source CVEs: CVE-2024-7254. Source advisory: OSV:GHSA-735F-PC8J-V9W8...

8.7 CVSS | 6.8 AI score | 0.00134 EPSS
Exploits 0
HackRead
added 2024/09/19 1:0 p.m. | 6 views

Aembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities

Silver Spring, Maryland, 19th September 2024, CyberNewsWire...

7.3 AI score
Exploits 0
Spring Engineering
added 2024/09/19 12:0 a.m. | 9 views

A Bootiful Podcast: Flowable cofounder and my friend Joram Barrez on workflow, case management, AI, Spring, and so much more

Hi, Spring fans! In this installment I catch up with my friend Joram Barrez, cofounder of Flowable, an amazing and open-source workflow engine, on their latest and greatest, AI, Spring, and so much more. workflow bpmn apache2 springboot java...

7.3 AI score
Exploits 0
IBM Security Bulletins
added 2024/09/18 8:14 p.m. | 33 views

Security Bulletin: Vulnerability in Spring Framework affects IBM watsonx.data

Summary: Spring Framework running on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. This may affect IB...

9.8 CVSS | 8.7 AI score | 0.94428 EPSS
Exploits 99 | Affected Software 1
Tenable Nessus
added 2024/09/18 12:0 a.m. | 193 views

Spring Framework < 5.3.40 / 6.0.x < 6.0.24 / 6.1.x < 6.1.13 Path Traversal (CVE-2024-38816)

The remote host contains a Spring Framework version that is affected by a path traversal vulnerability. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain...

7.5 CVSS | 7.2 AI score | 0.9389 EPSS
Exploits 1 | References 2
Spring Engineering
added 2024/09/17 12:0 a.m. | 22 views

This Week in Spring - September 17th, 2024

Hi, Spring fans! Last week I was in scintillating Seoul, Korea, and then tantalizing Tokyo, Japan, and now I'm in marvelous Mumbai, India, at the airport, actually, headed to New Delhi, India. It's been a busy week for me and even busier a week for the community, so let's dive into it! Java 23 i...

7.5 CVSS | 7.4 AI score | 0.9389 EPSS
Exploits 1
Veracode
added 2024/09/16 10:21 a.m. | 6 views

Path Traversal

org.springframework:spring-webmvc and org.springframework:spring-webflux are vulnerable to Path Traversal. The vulnerability is due to inadequate validation of file paths in HTTP requests, allowing access to files on the file system when using RouterFunctions with a FileSystemResource location...

7.5 CVSS | 7.4 AI score | 0.9389 EPSS
Exploits 1 | References 4 | Affected Software 2
RedhatCVE
added 2024/09/13 3:43 p.m. | 42 views

CVE-2024-38816

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

7.5 CVSS | 6.5 AI score | 0.9389 EPSS
Exploits 1 | References 4