6877 matches found

Spring Engineering
added 2024/01/30 12:0 a.m. | 7 views

Spring Tips: easy CQRS with Axon Framework

Hi, Spring fans! In this installment I'm joined by Axon Framework founder Allard Buijze and we look at the new integrations for Spring Boot developers in Axon Framework and AxonIQ Server. Special thanks to AxonIQ for the keynote video replay. Check out for more great stuff! java java21 axon...

7.2 AI score
Exploits 0

Spring Engineering
added 2024/01/30 12:0 a.m. | 12 views

This Week in Spring - January 30th, 2024

Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...

7.2 AI score
Exploits 0

IBM Security Bulletins
added 2024/01/29 7:2 a.m. | 32 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Golang GO and VMware Tanzu Spring Framework

Summary: Vulnerabilities in Golang Go and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details: CVEID: CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running...

9.8 CVSS | 9.5 AI score | 0.56284 EPSS
Exploits 1 | Affected Software 1

RedhatCVE
added 2024/01/25 8:17 p.m. | 18 views

CVE-2023-45669

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...

4.3 CVSS | 5.2 AI score | 0.00402 EPSS
Exploits 0 | References 6

Spring Engineering
added 2024/01/25 12:0 a.m. | 9 views

A Bootiful Podcast: Spring trainer extraordinaire Patrick Baumgartner

Hi, Spring fans! In this installment, I talked to Spring trainer extraordinaire, long-time community contributor, and Voxxed Days co-organizer for various shows in Switzerland. This talk was recorded live at Voxxed Days CERN!...

7.2 AI score
Exploits 0

Veracode
added 2024/01/24 10:21 a.m. | 27 views

Denial Of Service (DoS)

org.springframework:spring-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service (DoS). As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability to ...

7.5 CVSS | 6.6 AI score | 0.01539 EPSS
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2024/01/24 12:0 a.m. | 35 views

RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. - xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow...

8.8 CVSS | 6.8 AI score | 0.56284 EPSS
Exploits 2 | References 15

BDU FSTEC
added 2024/01/24 12:0 a.m. | 1 view

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through the spring-cloud-function-web module...

7.8 CVSS | 6.6 AI score | 0.00664 EPSS
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2024/01/24 12:0 a.m. | 1 view

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially created SpEL expression...

7.8 CVSS | 7.2 AI score | 0.00846 EPSS
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2024/01/22 9:2 p.m. | 102 views

CVE-2024-22233

A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service (DoS). An application may be considered vulnerable if it meets both conditions: The application uses Spring MVC and Spring...

7.5 CVSS | 7.2 AI score | 0.01539 EPSS
Exploits 0 | References 4

vulnersOsv
added 2024/01/22 3:30 p.m. | 4 views

ai.djl.spring:djl-spring-boot-starter-autoconfigure (=0.26), ai.djl.spring:djl-spring-boot-starter-mxnet-auto (=0.26) +3936 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (>=6.1.2 <=6.1.21)

org.springframework:spring-core MAVEN version =6.1.2, =0.25.7-rc.6, =0.8.0.BETA, =1.0.2, =1.0.2, =1.0.2, =1.0.6 and more Source cves: CVE-2024-22233 Source advisory: OSV:GHSA-R4Q3-7G4Q-X89M...

7.5 CVSS | 7.1 AI score | 0.01539 EPSS
Exploits 0

vulnersOsv
added 2024/01/22 3:30 p.m. | 3 views

am.ik.access-logger:access-logger (>=0.1.6 <=0.2.0), cn.herodotus.engine:access-core (>=3.1.7.0 <=3.1.7.5) +663 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (=6.0.15)

org.springframework:spring-core MAVEN version =6.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.access-logger:access-logger =0.1.6, =3.1.7.0, =3.1.7.0, =3.1.7.0, =3.1.7.3, =3.1.7.0,...

7.5 CVSS | 7.1 AI score | 0.01539 EPSS
Exploits 0

Github Security Blog
added 2024/01/22 3:30 p.m. | 55 views

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.4 AI score | 0.01539 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/01/22 3:30 p.m. | 1 view

GHSA-R4Q3-7G4Q-X89M Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.1 AI score | 0.01539 EPSS
Exploits 0 | References 3

NVD
added 2024/01/22 1:15 p.m. | 26 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.5 AI score | 0.01539 EPSS
Exploits 0 | References 2

OSV
added 2024/01/22 1:15 p.m. | 23 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.4 AI score | 0.01539 EPSS
Exploits 0 | References 2

Prion
added 2024/01/22 1:15 p.m. | 26 views

Memory corruption

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

5 CVSS | 7.4 AI score | 0.01539 EPSS
Exploits 0 | References 1 | Affected Software 1

UbuntuCve
added 2024/01/22 1:15 p.m. | 35 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.1 AI score | 0.01539 EPSS
Exploits 0 | References 2

Vulnrichment
added 2024/01/22 12:16 p.m. | 2 views

CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....

7.5 CVSS | 7.4 AI score | 0.01539 EPSS
Exploits 0 | References 2

CVE
added 2024/01/22 12:16 p.m. | 400 views

CVE-2024-22233

The CVE-2024-22233 entry describes a denial-of-service (DoS) vulnerability in VMware Tanzu Spring Framework when using Spring MVC with Spring Security on the classpath. Affected versions are Spring Framework 6.0.15 and 6.1.2. The DoS condition can be triggered by specially crafted HTTP requests. ...

7.5 CVSS | 7.4 AI score | 0.01539 EPSS
Exploits 0 | References 2 | Affected Software 1