6877 matches found
Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
VMware Spring Boot < 2.7.11, 3.0.x < 3.0.6 Security Bypass Vulnerability
VMware Spring Boot is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot...
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 jmreport/qurestSql – Unauthorized SQL inject...
Improper Logout Implementation
spring-security-web is vulnerable to Improper Logout Implementation. The vulnerability exists in the SwitchUserFilter.java because it does not properly clean the security context if using serialized versions, which allows an attacker to stay authenticated even after they perform a logout...
Dream Technology mica 跨站脚本漏洞
Dream Technology mica is a Spring Cloud microservices development core package from China-based Dream Technology. A cross-site scripting vulnerability exists in Dream Technology mica 3.0.5 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the Form Object Handler...
GHSA-G5H3-W546-PJ7F Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5078 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...
ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +825 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...
cc.zhaoac:faith-core-boot (>=1.0.0 <=1.0.1), cc.zhaoac:faith-core-launch (>=1.0.0 <=1.0.1) +1019 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=2.7.10)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - cc.zhaoac:faith-tool-boot =1.1.0 - cc.zhaoac:faith-tool-common =1.1.0 - cc.zhaoac:faith-tool-launch =1.1.0 - cc.zhaoac:faith-tool-log =1.1.0 -...
cc.vihackerframework:vihacker-auth-starter (=1.0.8.R), cc.vihackerframework:vihacker-common-starter (=1.0.8.R) +786 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.0.5)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.4.0 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W546-PJ7F...
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
Security feature bypass
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
CVE-2023-20873
CVE-2023-20873 affects VMware Tanzu Spring Boot deployed in Cloud Foundry, enabling a security bypass due to a wildcard pattern matching flaw in Spring Boot’s access controls. Public references in the CVE describe impact on VMware Tanzu Spring Boot and related IBM deployments, with remediation th...
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
Spring Framework 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
PT-2023-17684 · Unknown · Spring Boot
Name of the Vulnerable Software and Affected Versions: Spring Boot versions 3.0.0 through 3.0.5 Spring Boot versions 2.7.0 through 2.7.10 Spring Boot older unsupported versions Description: An application that is deployed to Cloud Foundry could be susceptible to a security bypass. Recommendations...
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2589 more potentially affected by CVE-2023-20862 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.7)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =6.4.0, =6.6.2 - cc.chensoul.nacos:core-test =2.5.2 - cc.chensoul.nacos:nacos-address =2.5.2 - cc.chensoul.nacos:nacos-cmdb =2.5.2 - cc.chensoul.nacos:nacos-config =2.5.2 - cc.chensoul.nacos:nacos-console =2.5...