6877 matches found
spring-boot: Spring Boot Welcome Page DoS Vulnerability
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...
Security Bulletin: IBM Operational Decision Manager June 2023 - Multiple CVEs
Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is...
Docker Compose Support in Spring Boot 3.1
Docker Compose support in Spring Boot 3.1 builds on top of the ConnectionDetails abstraction, which we've featured in a separate blog post. If you haven't already read it, please do so before reading this post. Docker Compose "is a tool for defining and running multi-container Docker applications...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln jmreport/qurestSq...
This Week in Spring - June 20th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Sydney, Australia, talking to customers, koalas, kangaroos, and whoever else will listen! I'll be doing a live presentation, tonight at the Microsoft Reactor here in Sydney. Register now and come join me! As usual, we'...
springframework: BCrypt skips salt rounds for work factor of 31
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...
Spring Boot 3.1's ConnectionDetails abstraction
If you've used Spring Boot for a while, you're probably familiar with setting up connection details using properties. For example, you may have used spring.datasource.url to configure a JDBC connection. In Spring Boot 3.1 this continues to work as you'd expect, but we've changed things a bit unde...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
spring-boot: Spring Boot Welcome Page DoS Vulnerability
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...
This Week in Spring - June 13th, 2023
This Month in Spring - June 13th, 2023 Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Taipei, eating delicious food and meeting amazing people in the sweltering weather. How're you doin'? I've got to join a meeting, so I'll make this quick. One quick thi...
A Bootiful Podcast: Microsoft’s Sean Li on Azure and Spring Boot
Hi, Spring fans! In this relatively quick installment, recorded live from the lovely Spring I/O 2023, Josh Long talks to Microsoft's Sean Li about some of the latest and greatest in the Azure ecosystem for Spring developers...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. VMware Tanzu Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions. VMware Tanzu Spring...
Exploit for Code Injection in Vmware Spring_Framework
PoC exploit for CVE-2022-22965, a remote code execution vulnerab...