CVE-2023-29986
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
Directory traversal
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability
Lukashinsch Spring Boot Actuator Logview is a codebase by Lukashinsch, an individual developer, that provides Spring Boot with the ability to view logs through a web interface. A security vulnerability exists in Lukashinsch Spring Boot Actuator Logview version 0.2.13. An attacker could exploit th...
PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview
Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview version 0.2.13 Description: The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to...
Spring Framework Reference Documentation Update
Starting with version 6.0.9, the Spring Framework reference documentation site is generated with Antora. This is a big change that brings many improvements. This blog post provides context around that. Overview For a long time the Spring Framework reference documentation had two versions, one...
CVE-2023-29986
CVE-2023-29986 affects spring-boot-actuator-logview 0.2.13. The vulnerability is a Directory Traversal through LogViewEndpoint.view, enabling access to files outside the intended directory due to insufficient input validation. Documents indicate risk is a filesystem path traversal to sibling dire...
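The entries above describe the bug only as traversal "to sibling directories" caused by insufficient input validation. The following is an added illustration of that class of mistake, written for this page; it is not code from spring-boot-actuator-logview, the directory name and both check methods are hypothetical, and Unix path syntax is assumed. It shows why a textual prefix check on a path accepts a sibling directory such as /var/log/app-secrets when the intended base is /var/log/app, and how a component-wise check after normalization rejects it.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added illustration of the "sibling directory" traversal pitfall behind
 * advisories such as CVE-2023-29986. Example code for this page, not code
 * from spring-boot-actuator-logview; LOG_DIR and both checks are hypothetical.
 */
public final class LogPathCheck {

    /** Hypothetical base directory a log-view endpoint is meant to serve from. */
    static final Path LOG_DIR = Paths.get("/var/log/app");

    /**
     * Weak check: compares the textual path against the base directory.
     * "/var/log/app/../app-secrets/x" and "/var/log/app-secrets/x" both begin
     * with the characters "/var/log/app", so a sibling directory is accepted.
     */
    static boolean weakContains(String requested) {
        Path candidate = LOG_DIR.resolve(requested).toAbsolutePath();
        return candidate.toString().startsWith(LOG_DIR.toString());
    }

    /**
     * Hardened check: normalize away "." and ".." first, then compare whole
     * name elements. Path.startsWith(Path) matches element by element, so the
     * element "app-secrets" does not match "app". For files that exist on
     * disk, call toRealPath() on both sides as well so that a symbolic link
     * inside LOG_DIR cannot point outside it.
     */
    static boolean strongContains(String requested) {
        Path candidate = LOG_DIR.resolve(requested).normalize().toAbsolutePath();
        return candidate.startsWith(LOG_DIR);
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for the file name a client could send.
        String[] inputs = {
            "app.log",                  // legitimate file inside LOG_DIR
            "../app-secrets/keys.txt",  // sibling directory reached via ".."
            "../app-secrets",           // the sibling directory itself
            "/etc/passwd"               // absolute input: resolve() discards LOG_DIR
        };
        for (String in : inputs) {
            System.out.printf("%-26s weak=%-5s strong=%s%n",
                    in, weakContains(in), strongContains(in));
        }
    }
}
```

Run it with `java LogPathCheck.java` (single-file launch, JDK 11 or later). The weak check rejects the absolute path but accepts both sibling-directory inputs; the hardened check accepts only `app.log`. The check must run on the value after the servlet container and framework have decoded it, and for real files the `toRealPath()` step matters because a symbolic link within the log directory otherwise passes the element-wise comparison.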
Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).
Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...
This Week in Spring - May 9th, 2023
Hi, Spring fans! Welcome to another wonderful, fanciful installment of This Week in Spring! I was just at the first Devoxx GR, in the sunny Mediterranean city of Athens, Greece. Uh, yah, this was a good'un. If you can get to it, you should. Don't miss next year's installment if you missed this on...
K000134500: Spring Framework vulnerability CVE-2023-20860
Security Advisory Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31690
Summary There is a vulnerability in Spring Security that could allow a remote attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31690...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31692
Summary There is a vulnerability in Spring Security that could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION...
Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20861
Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
CVE-2023-20866
A flaw was found in Spring Session. If using HeaderHttpSessionIdResolver, the session id can be logged to the standard output stream. This may log sensitive information and could be used by an attacker for session hijacking...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) spring-expression/spring-core security vulnerability [CVE-2023-20863]
Summary IBM ECM Content Management Interoperability Services CMIS spring-expression/spring-core security vulnerability CVE-2023-20863, affected, not vulnerable Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by...
Spring Framework < 5.2.23 / 5.3.x < 5.3.26 / 6.0.x < 6.0.7 DoS (CVE-2023-20861)
The remote host contains a Spring Framework version that is affected by a denial of service (DoS) vulnerability. It is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Note that Nessus has not tested for this issue but has instead relie...
Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)
The remote host contains a Spring Framework version that is affected by a security bypass vulnerability. Using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861
Summary IBM ECM Content Management Interoperability Services CMIS spring-expression security vulnerability CVE-2023-20861, affected, not vulnerable Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...