OSV · added 2024/07/25 12:32 p.m. · 2 views

GHSA-P528-3MVF-GR87 Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 9.8 · AI score 5.9 · EPSS 0.83304
Exploits: 4 · References: 3
Github Security Blog · added 2024/07/25 12:32 p.m. · 32 views

Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 9.8 · AI score 9.5 · EPSS 0.83304
Exploits: 4 · References: 3 · Affected software: 1
OSV · added 2024/07/25 10:15 a.m. · 7 views

CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 8.8 · AI score 9.4 · EPSS 0.83304
Exploits: 4 · References: 1
NVD · added 2024/07/25 10:15 a.m. · 28 views

CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 9.8 · EPSS 0.83304
Exploits: 4 · References: 1
CVE · added 2024/07/25 9:17 a.m. · 121 views

CVE-2024-37084

In Spring Cloud Data Flow, versions prior to 2.11.4 (notably 2.11.0–2.11.3) are affected. A malicious user with access to the Skipper server API can send a crafted upload request to write an arbitrary file to any location on the file system, which could lead to remote code execution and full serv...

CVSS 9.8 · AI score 9.5 · EPSS 0.83304
Exploits: 4 · References: 1 · Affected software: 1
Vulnrichment · added 2024/07/25 9:17 a.m. · 20 views

CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 9.8 · AI score 7 · EPSS 0.83304
Exploits: 4 · References: 1
Cvelist · added 2024/07/25 9:17 a.m. · 32 views

CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

CVSS 9.8 · EPSS 0.83304
Exploits: 4 · References: 1
Tenable Nessus · added 2024/07/25 12:00 a.m. · 121 views

Spring Framework < 5.3.33 / 6.0.x < 6.0.18 / 6.1.x < 6.1.5 Open Redirect (CVE-2024-22259)

The remote host contains a Spring Framework version that is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open...

CVSS 8.1 · AI score 6.4 · EPSS 0.56395
Exploits: 1 · References: 2
CNNVD · added 2024/07/25 12:00 a.m. · 6 views

VMware Spring Cloud Data Flow security vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch data processing in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow versions 2.11.0 through 2.11.3, which originates from a malicious user with privileged access to the server's API...

CVSS 9.8 · AI score 6.6 · EPSS 0.83304
Exploits: 4 · References: 2
Spring Engineering · added 2024/07/25 12:00 a.m. · 6 views

A Bootiful Podcast: Cloud Legend Mark Fynes

Hi, Spring fans! In this installment I talk to Mark Fynes. Mark’s a field principal with Tanzu at Broadcom, building platforms with our Pivotal/VMWare/Broadcom customers for the past 10 years. Passionate technologist, working closely with developers, architects, IT-operations, security architectu...

AI score 7.3
Exploits: 0
Tenable Nessus · added 2024/07/25 12:00 a.m. · 50 views

Spring Framework < 5.3.32 / 6.0.x < 6.0.17 / 6.1.x < 6.1.4 Open Redirect (CVE-2024-22243)

The remote host contains a Spring Framework version that is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open...

CVSS 8.1 · AI score 6.4 · EPSS 0.60124
Exploits: 1 · References: 2
Positive Technologies · added 2024/07/25 12:00 a.m. · 8 views

PT-2024-7036 · Spring · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions prior to 2.11.4 Description: A malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to...

CVSS 9.8 · AI score 7.5 · EPSS 0.83304
Exploits: 4 · References: 42
Spring Engineering · added 2024/07/24 12:00 a.m. · 7 views

This Week in Spring - July 23rd, 2024

Hi, Spring fans! It's such an exciting time to be alive! I hope you're doing well. It's nearly the end of July, already! Time is flying and as always the community has not disappointed with their incredible content. Let's dive right into it! have you registered for SpringOne 2024 yet? I love this...

AI score 7.2
Exploits: 0
Tenable Nessus · added 2024/07/18 12:00 a.m. · 40 views

Oracle Primavera Unifier (Jul 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...

CVSS 8.1 · AI score 6.5 · EPSS 0.12634
Exploits: 2 · References: 5
Tenable Nessus · added 2024/07/18 12:00 a.m. · 32 views

Oracle MySQL Enterprise Monitor (Jul 2024 CPU)

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor component Spring Security. A remote unauthenticated attacker could gain unauthorized access t...

CVSS 8.2 · AI score 7.1 · EPSS 0.6439
Exploits: 3 · References: 5
OSV · added 2024/07/17 4:00 p.m. · 13 views

GHSA-VMCP-66R5-3PCP Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error

Summary When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an error is logged with the Eureka server service URLs but only the first URL is masked. Details Package: Steeltoe.Discovery.Eureka Package version: 3.2.1 Branc...

CVSS 2.5 · AI score 5.2 · EPSS 0.00064
Exploits: 0 · References: 4
OSV · added 2024/07/17 3:15 p.m. · 3 views

CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway escalates user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access to endpoints that require an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · AI score 5.8
Exploits: 0 · References: 1
NVD · added 2024/07/17 3:15 p.m. · 10 views

CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway escalates user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access to endpoints that require an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · EPSS 0.00355
Exploits: 0 · References: 1
Cvelist · added 2024/07/17 2:44 p.m. · 24 views

CVE-2024-6834: Imperative Local Command Injection allows Activity Masking

A vulnerability in APIML Spring Cloud Gateway escalates user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access to endpoints that require an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · EPSS 0.00355
Exploits: 0 · References: 1
Vulnrichment · added 2024/07/17 2:44 p.m. · 11 views

CVE-2024-6834: Imperative Local Command Injection allows Activity Masking

A vulnerability in APIML Spring Cloud Gateway escalates user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access to endpoints that require an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 1