cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49374 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49374 Source advisory: OSV:GHSA-R7W2-J96V-VW8M...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49373 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49373 Source advisory: OSV:GHSA-CJ7J-23WF-MHRX...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49379 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49379 Source advisory: OSV:GHSA-R2WJ-MXVH-WQFH...
IceCMS Cross-Site Scripting Vulnerability (CNVD-2023-98191)
IceCMS is a content management system based on Spring Boot + Vue with front-end and back-end separation. A cross-site scripting vulnerability exists in IceCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
This Week in Spring - December 5th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! Today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1. I really enjoyed this discussion with Spring Security...
CDS with Spring Framework 6.1
As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...
Exploit for Improper Preservation of Permissions in VMware Spring_Security
cve-2023-34034 Demonstration of CVE-2023-34034 aut...
org.jupiter-rpc:jupiter-example (>=1.2.0 <=1.2.7), org.jupiter-rpc:jupiter-extension-tracing (>=1.2.12 <=1.3.1-beta-2) +3 more potentially affected by CVE-2023-48887 via org.jupiter-rpc:jupiter-rpc (>=1.2.0 <=1.3.1)
org.jupiter-rpc:jupiter-rpc MAVEN version =1.2.0, =1.2.0, =1.2.12, =1.2.0, =1.2.0, =1.2.0, =1.3.1-beta-2 Source cves: CVE-2023-48887 Source advisory: OSV:GHSA-6PQX-V9G4-5HC8...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue with front-end and back-end separation, developed by the individual developer NgShow. A security vulnerability exists in IceCMS version 2.0.1, which stems from not fully validating the number of user requests...
PT-2023-35623 · Spring · Spring
Name of the Vulnerable Software and Affected Versions: Spring (affected versions not specified). Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...
A Bootiful Podcast: Spring Security legend Laura Spilca joins us to talk Spring Authorization Server and upgrading to Spring Boot 3
Hi, Spring fans! This week, my first as an employee of Broadcom, I am joined by Spring Security community legend Laura Spilca and we talk about all things security, OAuth, and more...
VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
VMware Spring Boot is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework 6.0.0 - 6.0.13 DoS Vulnerability
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ai.timefold.solver:timefold-solver-examples (>=1.1.0 <=1.4.0), ai.timefold.solver:timefold-solver-spring-boot-starter (=1.4.0) +5822 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-core (>=1.4.0 <=1.4.11)
ch.qos.logback:logback-core MAVEN version =1.4.0, =1.1.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.1 and more Source cves: CVE-2023-6378 Source advisory: OSV:GHSA-VMQ6-5M68-F53M...
Denial Of Service (DoS)
Spring Boot is vulnerable to Denial of Service. The vulnerability is due to parsing malicious HTTP requests without proper validation or sanitization. This issue can be exploited by an attacker via crafting malicious HTTP requests, leading to Denial of Service. Note that the following conditions mus...
Denial Of Service (DoS)
org.springframework:spring-web is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of validation for HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause Denial of Service. Note tha...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Security
Summary: Multiple vulnerabilities in VMware Tanzu Spring Security used by IBM InfoSphere Information Server were addressed. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Security could allow a...
Security Bulletin: IBM Sterling B2B Integrator affected by multiple issues due to Spring Framework
Summary: IBM Sterling B2B Integrator uses Spring Framework, which is affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...