cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +169 more potentially affected by CVE-2024-3366 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.6.154 - cn.openjava:openjava-xxl-job-starter =2.0.0.1-alpha and more Source cves: CVE-2024-3366 Source advisory: OSV:GHSA-2V42-XP3J-47M4...

A Bootiful Podcast: Netflix’s Paul Bakker and Kavitha Srinivasan on scaling Spring Boot and Spring GraphQL

Hi, Spring fans! In this installment, I'm thrilled to be joined by Netflix's Paul Bakker and Kavitha Srinivasan, who explain how they're integrating and evolving Spring for GraphQL in their own GraphQL stack and how they're managing, growing, and evolving thousands of services written in Spring B...

Spring Tips: Hello, Java 22!

Hi, Spring fana! In this installment, I look at the amazing, just-released, Java 22!...

This Week in Spring - April 2nd, 2024

Welcome, welcome, welcome, to another installment of This Week in Spring! You know, we've come a long way since you and I last spoke. It's April already! A new month! How bizarre. And, with the dawning of a new month, we're also more than 25% through this year! I sure hope you're paying attention...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of service,...

Security Bulletin: Vulnerability with OpenJDK, commons-compress and spring-web-5.3.27/spring-web-5.3.32 affect IBM Cloud Object Storage Systems (April 2024v1)

Summary Vulnerability with OpenJDK- CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, CVE-2024-20932, CVE-2024-20919, CVE-2024-20926, commons-compress CVE-2024-25710, CVE-2024-26308 , spring-web-5.3.27 CVE-2024-22243, spring-web-5.3.32CVE-2024-22259. This vulnerability has been...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2023-34053

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

A Bootiful Podcast: Joseph Ottinger and Andrew Lombardi on "Beginning Spring 6"

Hi, Spring fans! In this episode I'm joined by Java luminaries and Apress' Beginning Spring 6 authors Joseph Ottinger and Andrew Lombardi...

Shanghai Brad Technology BladeX SQL注入漏洞

Shanghai Brad Technology BladeX is a SpringBoot Rapid Development Platform from Shanghai Brad Technology Shanghai, China. A SQL injection vulnerability exists in Shanghai Brad Technology BladeX version 3.4.0, which originates from a SQL injection vulnerability in file/api/blade-user/export-user...

This Week in Spring - March 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language SpEL is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native ima...

FreeBSD : security/shibboleth-idp -- CAS service SSRF (7a7129ef-e790-11ee-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a7129ef-e790-11ee-a1c0-0050569f0b83 advisory. - Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring...

PKCE Downgrade Attack

spring-security-oauth2-authorization-server is vulnerable to PKCE Downgrade. The vulnerability is due to improper handling of PKCE authorization when a Confidential Client requests an Authorization Code Grant. Note that this vulnerability only applies to Confidential Clients, Public Clients are...

SQL injection in Folio Spring Module Core

A vulnerability was found in Folio Spring Module Core before 2.0.0. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection...

GHSA-4H5H-P23F-HJQF SQL injection in Folio Spring Module Core

A vulnerability was found in Folio Spring Module Core before 2.0.0. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection...

CVE-2022-4963

A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation...

CVE-2022-4963

A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation...

Spring Module Core SQL注入漏洞

Spring Module Core is a FOLIO open source Spring Module Core library developed using Okapi. Spring Module Core version 1.1.5 SQL injection vulnerability , the vulnerability stems from the component Schema Name Handler function dropSchema will lead to SQL injection...

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...