am.ik.access-logger:access-logger (>=0.1.6 <=0.2.0), cn.herodotus.engine:access-core (>=3.1.7.0 <=3.1.7.5) +663 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (=6.0.15)

org.springframework:spring-core MAVEN version =6.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.access-logger:access-logger =0.1.6, =3.1.7.0, =3.1.7.0, =3.1.7.0, =3.1.7.3, =3.1.7.0,...

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

GHSA-R4Q3-7G4Q-X89M Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

Memory corruption

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

The CVE-2024-22233 entry describes a denial-of-service (DoS) vulnerability in VMware Tanzu Spring Framework when using Spring MVC with Spring Security on the classpath. Affected versions are Spring Framework 6.0.15 and 6.1.2. The DoS condition can be triggered by specially crafted HTTP requests. ...

CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Spring Framework Security Vulnerabilities

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 6.0.15 and 6.1.2, which stems from the possibility that a user may be...

Vulnerability fixed in VMware Tanzu Spring Framework

VMWare Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application uses of the...

CVE-2024-22233: Spring Framework server Web DoS Vulnerability

The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th includes a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...

VMware Spring Boot 3.1.7 / 3.2.1 DoS Vulnerability

VMware Spring Boot is prone to a denial of service DoS vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

GHSA-9RHQ-86FM-QXQC Duplicate Advisory: Hard-coded credentials in org.folio:mod-data-export-spring

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vf78-3q9f-92g3. This link is maintained to preserve external references. Original Description Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows...

CVE-2024-23687

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

CVE-2024-23687

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...