7084 matches found

OSV
added 2024/01/31 7:15 a.m. · 22 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVSS 5.5 · AI score 6.6 · EPSS 0.00097
Exploits 0 · References 1

Prion
added 2024/01/31 7:15 a.m. · 17 views

Information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVSS 1.7 · AI score 6.6 · EPSS 0.00097
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/01/31 6:54 a.m. · 20 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVSS 3.3 · AI score 5.5 · EPSS 0.00097
Exploits 0 · References 1

Vulnrichment
added 2024/01/31 6:54 a.m. · 12 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVSS 3.3 · AI score 6.3 · EPSS 0.00097
Exploits 0 · References 1

CVE
added 2024/01/31 6:54 a.m. · 43 views

CVE-2024-22236

Spring Cloud Contract (org.springframework.cloud:spring-cloud-contract-shade) is affected. Versions 4.1.x before 4.1.1, 4.0.x before 4.0.5, and 3.1.x before 3.1.10 permit local information disclosure due to temporary directories created with unsafe permissions via the shaded com.google.guava:guav...

CVSS 5.5 · AI score 5.2 · EPSS 0.00097
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/01/31 12:00 a.m. · 3 views

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework implemented in Spring Boot by the Spring team. A security vulnerability exists in Spring Cloud Contract versions prior to 4.1.1, 4.0.5, and 3.1.10, which can be exploited to disclose local information through a temporary directory created with insecure...

CVSS 5.5 · AI score 6.1 · EPSS 0.00097
Exploits 0 · References 2

Positive Technologies
added 2024/01/31 12:00 a.m. · 5 views

PT-2024-19288 · Google +1 · Guava +1

Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...

CVSS 5.5 · AI score 5.2 · EPSS 0.00097
Exploits 0 · References 11

IBM Security Bulletins
added 2024/01/30 4:12 a.m. · 52 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

CVSS 9.8 · AI score 10 · EPSS 0.42819
Exploits 4 · Affected Software 1

BDU FSTEC
added 2024/01/30 12:00 a.m. · 2 views

The vulnerability of the Spring MVC design pattern used in the Spring Framework, a Java framework for securing industrial applications, and Spring Boot, a framework for creating web applications, allows attackers to induce service failures.

The vulnerability of the Spring MVC design pattern used in the Spring Framework, a Java framework for securing industrial applications, and Spring Boot, a framework for creating web applications, is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow an attack...

CVSS 7.8 · AI score 7.2 · EPSS 0.01539
Exploits 0 · References 5 · Affected Software 3

Spring Engineering
added 2024/01/30 12:00 a.m. · 7 views

Spring Tips: easy CQRS with Axon Framework

Hi, Spring fans! In this installment I'm joined by Axon Framework founder Allard Buijze and we look at the new integrations for Spring Boot developers in Axon Framework and AxonIQ Server. Special thanks to AxonIQ for the keynote video replay. Check out for more great stuff! java java21 axon...

AI score 7.2
Exploits 0

Spring Engineering
added 2024/01/30 12:00 a.m. · 12 views

This Week in Spring - January 30th, 2024

Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...

AI score 7.2
Exploits 0

IBM Security Bulletins
added 2024/01/29 7:02 a.m. · 33 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Golang GO and VMware Tanzu Spring Framework

Summary Vulnerabilities in GolangGo and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details CVEID:CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running...

CVSS 9.8 · AI score 9.5 · EPSS 0.63842
Exploits 1 · Affected Software 1

RedhatCVE
added 2024/01/25 8:17 p.m. · 18 views

CVE-2023-45669

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...

CVSS 4.3 · AI score 5.2 · EPSS 0.00402
Exploits 0 · References 6

Spring Engineering
added 2024/01/25 12:00 a.m. · 10 views

A Bootiful Podcast: Spring trainer extraordinaire Patrick Baumgartner

Hi, Spring fans! In this installment, I talked to Spring trainer extraordinaire, long-time community contributor, and Voxxed Days co-organizer for various shows in Switzerland. This talk was recorded live at Voxxed Days CERN!...

AI score 7.2
Exploits 0

Veracode
added 2024/01/24 10:21 a.m. · 27 views

Denial Of Service (DoS)

org.springframework: spring-core is vulnerable to Denial of Service DoS. The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service DoS. As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability to ...

CVSS 7.5 · AI score 6.6 · EPSS 0.01539
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/01/24 12:00 a.m. · 35 views

RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. - xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow...

CVSS 8.8 · AI score 6.8 · EPSS 0.63842
Exploits 2 · References 15

BDU FSTEC
added 2024/01/24 12:00 a.m. · 1 view

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through the spring-cloud-function-web module...

CVSS 7.8 · AI score 6.6 · EPSS 0.00509
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/01/24 12:00 a.m. · 1 view

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially created SpEL expression...

CVSS 7.8 · AI score 7.2 · EPSS 0.00846
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2024/01/22 9:02 p.m. · 102 views

CVE-2024-22233

A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service DoS. An application may be considered vulnerable if it meets the both conditions: The application uses Spring MVC and Spring...

CVSS 7.5 · AI score 7.2 · EPSS 0.01539
Exploits 0 · References 4

vulnersOsv
added 2024/01/22 3:30 p.m. · 4 views

ai.djl.spring:djl-spring-boot-starter-autoconfigure (=0.26), ai.djl.spring:djl-spring-boot-starter-mxnet-auto (=0.26) +3936 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (>=6.1.2 <=6.1.21)

org.springframework:spring-core MAVEN version =6.1.2, =0.25.7-rc.6, =0.8.0.BETA, =1.0.2, =1.0.2, =1.0.2, =1.0.6 and more Source cves: CVE-2024-22233 Source advisory: OSV:GHSA-R4Q3-7G4Q-X89M...

CVSS 7.5 · AI score 7.1 · EPSS 0.01539
Exploits 0