6877 matches found

vulnersOsv
added 2023/04/13 9:30 p.m., 1 view

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20) +35876 more potentially affected by CVE-2023-20863 via org.springframework:spring-expression (>=3.0.0.RELEASE <=5.2.23.RELEASE)

org.springframework:spring-expression MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2023-20863 Source advisory: OSV:GHSA-WXQC-PXW9-G2P8...

CVSS 6.5, AI score 6.8, EPSS 0.01066
Exploits 0
Github Security Blog
added 2023/04/13 9:30 p.m., 25 views

Spring Session session ID can be logged to the standard output stream

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

CVSS 6.5, AI score 6.1, EPSS 0.00715
Exploits 0, References 5, Affected Software 1
vulnersOsv
added 2023/04/13 9:30 p.m., 3 views

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.superstream:spring-kafka (=3.0.1-alpha1) +8811 more potentially affected by CVE-2023-20863 via org.springframework:spring-expression (>=6.0.0 <=6.0.7)

org.springframework:spring-expression MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.5.0, =4.0.0, =4.0.3 - be.jidoka:jdk-keycloak-admin =2.0.0 and more Source cves: CVE-2023-20863 Source advisory: OSV:GHSA-WXQC-PXW9-G2P8...

CVSS 6.5, AI score 6.8, EPSS 0.01066
Exploits 0
vulnersOsv
added 2023/04/13 9:30 p.m., 2 views

cn.herodotus.engine:access-sdk-all (>=3.0.1.0 <=3.0.4.2), cn.herodotus.engine:access-sdk-justauth (>=3.0.1.0 <=3.0.4.2) +85 more potentially affected by CVE-2023-20866 via org.springframework.session:spring-session-core (=3.0.0)

org.springframework.session:spring-session-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.session:spring-session-core and may be impacted: - cn.herodotus.engine:access-sdk-all =3.0.1.0, =3.0.1.0, =3.0.1.0,...

CVSS 6.5, AI score 6.5, EPSS 0.00715
Exploits 0
Github Security Blog
added 2023/04/13 9:30 p.m., 140 views

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.4, EPSS 0.01066
Exploits 0, References 7, Affected Software 1
OSV
added 2023/04/13 9:30 p.m., 3 views

GHSA-R7QR-F43M-PXFR Spring Session session ID can be logged to the standard output stream

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

CVSS 6.5, AI score 5.9, EPSS 0.00715
Exploits 0, References 5
OSV
added 2023/04/13 8:15 p.m., 3 views

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

CVSS 6.5, AI score 5.8, EPSS 0.00715
Exploits 0, References 1
NVD
added 2023/04/13 8:15 p.m., 11 views

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

CVSS 6.5, AI score 6.3, EPSS 0.00715
Exploits 0, References 1
OSV
added 2023/04/13 8:15 p.m., 2 views

DEBIAN-CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.7, EPSS 0.01066
Exploits 0, References 1
NVD
added 2023/04/13 8:15 p.m., 28 views

CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.8, EPSS 0.01066
Exploits 0, References 2
OSV
added 2023/04/13 8:15 p.m., 29 views

CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.7, EPSS 0.01066
Exploits 0, References 2
Prion
added 2023/04/13 8:15 p.m., 27 views

Race condition

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 4, AI score 6.3, EPSS 0.01066
Exploits 0, References 1, Affected Software 1
UbuntuCve
added 2023/04/13 8:15 p.m., 106 views

CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.8, EPSS 0.01066
Exploits 0, References 2
OSV
added 2023/04/13 8:15 p.m., 0 views

UBUNTU-CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 6.8, EPSS 0.01066
Exploits 0, References 3
CNNVD
added 2023/04/13 12:00 a.m., 2 views

Spring Session security vulnerability

Spring Session is a module from Spring. A security vulnerability exists in Spring Session version 3.0.0, which stems from the recording of session IDs into the standard output stream leading to the disclosure of sensitive information...

CVSS 6.5, AI score 6.4, EPSS 0.00715
Exploits 0, References 2
Cvelist
added 2023/04/13 12:00 a.m., 21 views

CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

AI score 6.7, EPSS 0.01066
Exploits 0, References 2
Debian CVE
added 2023/04/13 12:00 a.m., 36 views

CVE-2023-20863

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5, AI score 7, EPSS 0.01066
Exploits 0
CVE
added 2023/04/13 12:00 a.m., 58 views

CVE-2023-20866

CVE-2023-20866 affects Spring Session 3.0.0, where the session ID can be logged to standard output when using HeaderHttpSessionIdResolver. This leaks sensitive information from logs and can enable session hijacking. The NVD/CVSS data indicates a base score of 6.5 (MEDIUM) with high confidentialit...

CVSS 6.5, AI score 6.2, EPSS 0.00715
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2023/04/13 12:00 a.m., 1 view

The vulnerability of the mvcRequestMatch component in the Java framework for securing industrial applications using Spring Security allows attackers to compromise the integrity of protected information.

The vulnerability of the mvcRequestMatch component in the Java framework for securing industrial applications using Spring Security is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...

CVSS 7.8, AI score 6.6, EPSS 0.56284
Exploits 1, References 2, Affected Software 1
Spring Engineering
added 2023/04/13 12:00 a.m., 10 views

A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without compromising on things like...

AI score 6.7
Exploits 0