6883 matches found
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
Design/Logic Flaw
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
CVE-2023-34042
The CVE-2023-34042 issue concerns the Spring Security spring-security-config jar where the spring-security.xsd file is world-writable. This enables a local authenticated attacker to write the file, reflecting CWE-732: Incorrect Permission Assignment for Critical Resource. The connected IBM and OS...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit...
VMware Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.1.1 through 6.1.3, 6.0.4 through 6.0.6, 5.8.4 through 5.8.6, and 5.7.9 through 5.7.10, which stems fro...
Information Disclosure
Spring Cloud Contract is vulnerable to Information Disclosure. The vulnerability is due to temporary directories created with insecure permissions due to the guava dependency...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in VMware Tanzu Spring Boot
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Boot . Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]
Summary Potential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details fo...
Spring Cloud Contract vulnerable to local information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=3.1.0 <=3.1.1), no.skatteetaten.aurora.gradle.plugins:aurora-gradle-plugin (>=4.4.6 <=4.5.2) +14 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=3.1.0 <=3.1.1)
org.springframework.cloud:spring-cloud-contract-shade MAVEN version =3.1.0, =3.1.0, =4.4.6, =4.4.6, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.1 - org.springframework.cloud:spr...
GHSA-P6RP-MX85-M459 Spring Cloud Contract vulnerable to local information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)
org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...
gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=4.0.1 <=4.0.4), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (>=4.0.0 <=4.0.4) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=4.0.0 <=4.0.4)
org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.0.0, =4.0.1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.4 Source cves: CVE-2024-22236 Source advisory: OSV:GHSA-P6RP-MX85-M459...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
Information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...