
7073 matches found

Vulnrichment
added 2023/10/25 12:0 a.m. | 10 views

CVE-2023-43961

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

AI score: 7 | EPSS: 0.00083
Exploits: 1 | References: 1
Cvelist
added 2023/10/25 12:0 a.m. | 14 views

CVE-2023-43961

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

AI score: 9 | EPSS: 0.00083
Exploits: 1 | References: 1
BDU FSTEC
added 2023/10/25 12:0 a.m. | 2 views

The vulnerability of the Spring AMQP RabbitMQ messaging application, related to deserialization mechanism flaws, allows attackers to gain unauthorized access to message writing operations in RabbitMQ.

The vulnerability of the Spring AMQP RabbitMQ messaging application is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to write messages to RabbitMQ...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.43039
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2023/10/24 1:2 p.m. | 55 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.1 release security update

Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS: 7.5 | AI score: 7 | EPSS: 0.9439
Exploits: 19 | References: 4
Spring Engineering
added 2023/10/24 12:0 a.m. | 5 views

This Week in Spring - October 24th, 2023

Hi, Spring fans! This week I'm in Lisbon, and Porto, Portugal, ahead of the Porto Tech Hub event in Porto, and my tour bus is about to leave! So, let's dive right into it! Spring Authorization Server 1.1.3, 1.0.4 and 0.4.4 available now Spring Authorization Server 1.2.0-RC1 available now Spring...

AI score: 6.9
Exploits: 0
Spring Engineering
added 2023/10/24 12:0 a.m. | 12 views

A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2023/10/20 12:0 a.m. | 33 views

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cau...

CVSS: 9.6 | AI score: 7.1 | EPSS: 0.16987
Exploits: 6 | References: 7
OSV
added 2023/10/19 8:15 a.m. | 34 views

CVE-2023-34050

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.43039
Exploits: 0 | References: 1
NVD
added 2023/10/19 8:15 a.m. | 16 views

CVE-2023-34050

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

CVSS: 5 | AI score: 5.2 | EPSS: 0.43039
Exploits: 0 | References: 1
Prion
added 2023/10/19 8:15 a.m. | 25 views

Deserialization of untrusted data

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

CVSS: 4 | AI score: 4.8 | EPSS: 0.43039
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/10/19 7:11 a.m. | 21 views

CVE-2023-34050 Spring AMQP Deserialization Vulnerability

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

CVSS: 5 | AI score: 5.6 | EPSS: 0.43039
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/19 7:11 a.m. | 19 views

CVE-2023-34050 Spring AMQP Deserialization Vulnerability

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

CVSS: 5 | AI score: 6.9 | EPSS: 0.43039
Exploits: 0 | References: 1
CVE
added 2023/10/19 7:11 a.m. | 110 views

CVE-2023-34050

CVE-2023-34050 affects Spring AMQP: deserialization vulnerability in SimpleMessageConverter/SerializerMessageConverter when no allowed-list patterns are configured. Versions affected: 1.0.0–2.4.16 and 3.0.0–3.0.9. If untrusted messages originate from a compromised source and write permissions to ...

CVSS: 5 | AI score: 5.2 | EPSS: 0.43039
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2023/10/19 12:0 a.m. | 38 views

Oracle MySQL Enterprise Monitor (October 2023 CPU)

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Struts. Supported versions...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.42819
Exploits: 1 | References: 7
CNNVD
added 2023/10/19 12:0 a.m. | 2 views

Spring AMQP Code Issue Vulnerability

Spring AMQP applies core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 1.0.0 through 2.4.16 and 3.0.0 through 3.0.9, which stems from the addition of an Allowed List pattern for deserializable class names in Spring...

CVSS: 5 | AI score: 6.7 | EPSS: 0.43039
Exploits: 0 | References: 4
OSV
added 2023/10/17 1:23 p.m. | 28 views

GHSA-V9HX-V6VF-G36J WebAuthn4J Spring Security Improper signature counter value handling

Improper signature counter value handling Impact A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator...

CVSS: 4.8 | AI score: 4.6 | EPSS: 0.00402
Exploits: 0 | References: 5
Github Security Blog
added 2023/10/17 1:23 p.m. | 47 views

WebAuthn4J Spring Security Improper signature counter value handling

Improper signature counter value handling Impact A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00402
Exploits: 0 | References: 5 | Affected Software: 1
Spring Engineering
added 2023/10/17 12:0 a.m. | 14 views

This Week in Spring - October 17th, 2023

Hi, Spring fans! Welcome to yet another installment of This Week in Spring! It's October 17th, 2023, and I am here in Montreal, Canada, and then I'm off to Salt Lake City, Utah on Thursday for the Java User Group there. Don't miss it! We've got a lot to cover this week so let's dive right into it...

AI score: 6.8
Exploits: 0
NVD
added 2023/10/16 7:15 p.m. | 11 views

CVE-2023-45669

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00402
Exploits: 0 | References: 3
Prion
added 2023/10/16 7:15 p.m. | 17 views

Design/Logic Flaw

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...

CVSS: 5 | AI score: 5.1 | EPSS: 0.00402
Exploits: 0 | References: 3 | Affected Software: 1