6707 matches found
Exploit for CVE-2024-38821
cve-2024-38821 Analysis: h...
Authorization Bypass
org.springframework.security, spring-security-web is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in Spring Security’s handling of authorization rules for static resources in WebFlux applications, which allows these rules to be bypassed under specific conditions...
The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.f of the Spring Framework allows a attacker to gain access to any file in the file system.
The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.f of the Spring Framework is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to access any file in the file system...
The vulnerability of the Spring Framework software platform, related to resource release errors, allows attackers to trigger service failures.
The vulnerability of the Spring Framework software platform is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures...
This Week in Spring - October 29th, 2024
Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...
The vulnerability of the Spring Framework software platform, related to resource release errors, allows attackers to trigger service failures.
The vulnerability of the Spring Framework software platform is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2024-38821
An authorization bypass vulnerability was found in Spring WebFlux applications, impacting static resources under specific conditions. If an application uses Spring's static resources support with restricted non-permitAll authorization rules, unauthorized access to these resources may be possible...
city.smartb.i2:i2-spring-boot-starter-auth (=0.12.0), city.smartb.i2:i2-spring-boot-starter-auth-keycloak (=0.12.0) +328 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.0.0 <=6.0.1)
org.springframework.security:spring-security-web MAVEN version =6.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.0, =2023.0.0.0, =1.0.1-RELEASE, =1.1.1-RELEASE, =2.0.5-RELEASE, =2.4.0-RELEASE and more Source cves: CVE-2024-38821 Source advisory:...
africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7358 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.12)
org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-core (>=3.0.6.4 <=3.1.1.3) +354 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-web MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =7.0.4 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...
GHSA-C4Q5-6C82-3QPW Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...
com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1), com.buession.security:buession-security-web (>=3.0.0 <=3.0.1) +496 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=5.8.0 <=5.8.14)
org.springframework.security:spring-security-web MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =4.5.0, =4.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +1519 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.3.0 <=6.3.3)
org.springframework.security:spring-security-web MAVEN version =6.3.0, =0.1, =1.0.0, =1.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.4.3 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1823 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.2.0 <=6.2.6)
org.springframework.security:spring-security-web MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.1, =1.0.31 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
CVE-2024-38821
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...
CVE-2024-38821 Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...
CVE-2024-38821
CVE-2024-38821 affects Spring WebFlux with Spring Security static resource rules. A bypass is possible when a non-permitAll authorization rule is applied to Spring’s static resources and the resources are served by a WebFlux app using Spring’s static resources support. Documents confirm this CVE ...
CVE-2024-38821 Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...
K000148278: Spring framework CVE-2024-38820 vulnerability
Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...