6599 matches found
Spring Framework vulnerable to Denial of Service
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Older, unsupported versions are also affected. Specifically, an...
CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
DEBIAN-CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
UBUNTU-CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
CVE-2024-38808
The CVE-2024-38808 DoS in Spring Framework is triggered when an application evaluates user-supplied SpEL expressions in versions 5.3.0–5.3.38 and older unsupported releases. The vulnerability is due to how SpEL expressions may be crafted to exhaust resources, leading to denial of service. Several...
CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...
ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +1307 more potentially affected by CVE-2024-38810 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.10)
org.springframework.security:spring-security-core MAVEN version =6.3.0, =0.1, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.2.2 and more Source cves: CVE-2024-38810 Source advisory: OSV:GHSA-HMQF-WPQ9-JQ83...
GHSA-HMQF-WPQ9-JQ83 Spring Security Missing Authorization vulnerability
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
Spring Security Missing Authorization vulnerability
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
CVE-2024-38810
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
CVE-2024-38810
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
CVE-2024-38810
CVE-2024-38810 affects VMware Tanzu Spring Security; vulnerability arises from missing authorization when using @AuthorizeReturnObject, enabling an attacker to obtain sensitive information. Connected sources confirm affected components include Spring Security 6.3.0 and 6.3.1, with multiple vendor...
CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
Spring Framework 安全漏洞
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 5.3.0 through 5.3.38, which stems from the possibility that a user may supp...
Spring Security 安全漏洞
VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.3.0 and 6.3.1, which stems from a lack of authorization when using @AuthorizeReturnObject, and allows ...
Spring AI with NVIDIA LLM API
Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...