CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2024/08/20 4:15 a.m.•12 views

CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

7.5CVSS0.00968EPSS

Cvelist•added 2024/08/20 3:35 a.m.•22 views

CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

6.5CVSS0.00968EPSS

CVE•added 2024/08/20 3:35 a.m.•75 views

CVE-2024-38810

CVE-2024-38810 affects VMware Tanzu Spring Security; vulnerability arises from missing authorization when using @AuthorizeReturnObject, enabling an attacker to obtain sensitive information. Connected sources confirm affected components include Spring Security 6.3.0 and 6.3.1, with multiple vendor...

7.5CVSS6.5AI score0.00968EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/08/20 3:35 a.m.•12 views

CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

6.5CVSS6.9AI score0.00968EPSS

CNNVD•added 2024/08/20 12:0 a.m.•2 views

Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 5.3.0 through 5.3.38, which stems from the possibility that a user may supp...

4.3CVSS6.9AI score0.00809EPSS

Exploits0References5

CNNVD•added 2024/08/20 12:0 a.m.•2 views

Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.3.0 and 6.3.1, which stems from a lack of authorization when using @AuthorizeReturnObject, and allows ...

7.5CVSS6.4AI score0.00968EPSS

Exploits0References3

Spring Engineering•added 2024/08/20 12:0 a.m.•15 views

Spring AI with NVIDIA LLM API

Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...

7AI score

Exploits0

Spring Engineering•added 2024/08/20 12:0 a.m.•29 views

This Week in Spring - August 20th, 2024

Hi, Spring fans! Welcome to another installment in This Week in Spring! And happy week-before-SpringOne! I'm so excited I could spit! As you might imagine, AI, cloud native architecture, and so much more are top-of-mind. I love AI, and all its many applications. In that spirit, let's get ChatGPT ...

5.4CVSS7.4AI score0.00809EPSS

Exploits1

Positive Technologies•added 2024/08/19 12:0 a.m.•3 views

PT-2024-28230 · Unknown · Spring Security

Name of the Vulnerable Software and Affected Versions: Spring Security versions 6.3.0 through 6.3.1 Description: The issue is related to missing authorization when using @AuthorizeReturnObject in Spring Security, allowing an attacker to render security annotations ineffective. This potentially...

7.5CVSS7AI score0.00968EPSS

Exploits0References18

OSV•added 2024/08/16 12:16 a.m.•6 views

OSV-2024-1018 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67071 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa...

7.1AI score

OSV•added 2024/08/16 12:12 a.m.•3 views

OSV-2024-930 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70893 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl.hashCode...

7.1AI score

OpenVAS•added 2024/08/15 12:0 a.m.•68 views

VMware Spring Framework < 5.3.38, 6.0.x < 6.0.23, 6.1.x < 6.1.12 DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenVAS•added 2024/08/15 12:0 a.m.•28 views

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Linux

OpenVAS•added 2024/08/15 12:0 a.m.•34 views

VMware Spring Framework < 5.3.38, 6.0.x < 6.0.23, 6.1.x < 6.1.12 DoS Vulnerability - Linux

OpenVAS•added 2024/08/15 12:0 a.m.•22 views

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows