CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

Spring Framework Security Vulnerabilities

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 6.0.15 and 6.1.2, which stems from the possibility that a user may be...

VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Vulnerability fixed in VMware Tanzu Spring Framework

VMWare Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application uses of the...

CVE-2024-22233: Spring Framework server Web DoS Vulnerability

The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th includes a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...

VMware Spring Boot 3.1.7 / 3.2.1 DoS Vulnerability

VMware Spring Boot is prone to a denial of service DoS vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

GHSA-9RHQ-86FM-QXQC Duplicate Advisory: Hard-coded credentials in org.folio:mod-data-export-spring

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vf78-3q9f-92g3. This link is maintained to preserve external references. Original Description Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows...

CVE-2024-23687

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

CVE-2024-23687

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

CVE-2024-23687

CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...

CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

mod-data-export-spring Trust Management Issues Vulnerability

mod-data-export-spring is a FOLIO open source API for data export Spring modules. A security vulnerability exists in mod-data-export-spring versions prior to 1.5.4, 2.0.0 through 2.0.2, which stems from the use of hard-coded credentials...

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

This Week in Spring - January 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...

Eva SQL Injection Vulnerability

Eva Eva is a coderd-repos open source based on SpringBoot, Mybatis Plus, open source backend management system project framework. Eva 1.0.0 version of the existence of SQL injection vulnerability , the vulnerability stems from /system/traceLog/page page SQL injection vulnerability...

Spring Tips: Spring Data JDBC

Hi, Spring fans! In this installment, Josh Long looks at the fantastic Spring Data JDBC project, which is one of the easiest and most powerful ways to leverage JDBC in a Spring Boot application...

This Week in Spring - January 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, com...