io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.15 <=0.4.16), io.zipkin:zipkin-server (>=3.3.1 <=3.4.1) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.3.0 <=3.3.2)

org.springframework.boot:spring-boot-loader-classic MAVEN version =3.3.0, =0.4.15, =3.3.1, =3.3.0, =3.3.13 - org.springframework.cloud:spring-cloud-function-adapter-gcp =4.1.6 - org.springframework.cloud:spring-cloud-function-deployer =4.1.6 Source cves: CVE-2024-38807 Source advisory:...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

DEBIAN-CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

UBUNTU-CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

CVE-2024-38807 describes a signature forgery vulnerability in VMware Spring Boot/loader components where signature verification of nested JARs can be bypassed, enabling content signed by one signer to appear signed by another. The NVD summary matches this description. Connected advisories identif...

Spring Framework < 5.3.39 Spring Expression DoS (CVE-2024-38808)

The remote host contains a Spring Framework version prior to 5.3.39. It is, therefore, affected by a Spring expression DoS vulnerability: - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Langua...

Spring Framework < 5.3.39 / 6.0.x < 6.0.23 / 6.1.x < 6.1.12 HTTP Request DoS (CVE-2024-38809)

The remote host contains a Spring Framework version prior to 5.3.39, 6.0.x prior to 6.0.23, or 6.1.x prior to 6.1.12. It is, therefore, affected by an HTTP Request DoS vulnerability: - Applications that parse ETags from 'If-Match' or 'If-None-Match' request headers are vulnerable to DoS attack...

VMware Spring Boot 安全漏洞

VMware Spring Boot is a set of open source frameworks from VMware. A security vulnerability exists in VMware Spring Boot that stems from vulnerability to signature forgery attacks. The following products and versions are affected: Versions 2.7.0 through 2.7.21, 3.0.0 through 3.0.16, 3.1.0 through...

A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg

Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the lates-and-greatest in the wide and wonderful world of Spring...

Structured logging in Spring Boot 3.4

Logging is a long established part of troubleshooting applications and one of the three pillars of observability, next to metrics and traces. No one likes flying blind in production, and when incidents happen, developers are happy to have log files. Logs are often written out in a human-readable...

PT-2024-28229

Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.7.0 through 2.7.21 Spring Boot versions 3.0.0 through 3.0.16 Spring Boot versions 3.1.0 through 3.1.12 Spring Boot versions 3.2.0 through 3.2.8 Spring Boot versions 3.3.0 through 3.3.2 Description Applications that use...

Exploit for CVE-2024-22263

CVE-2024-22263Scanner For Ethical Usage only, Any harmful or...

Denial Of Service (DoS)

org.springframework, spring-expression is vulnerable to a Denial of Service DoS. The vulnerability is due to the evaluation of user-supplied Spring Expression Language SpEL expressions, which attackers can exploit by providing specially crafted expressions that can overload the system...

CVE-2024-38808

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

GHSA-9CMQ-M9J5-MVWW Spring Framework vulnerable to Denial of Service

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Older, unsupported versions are also affected. Specifically, an...