6746 matches found

Cvelist
added 2022/11/04 12:00 a.m., 14 views

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

AI score 10, EPSS 0.12808
Exploits 0, References 1
Vulnrichment
added 2022/11/04 12:00 a.m., 5 views

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

AI score 9.8, EPSS 0.12808
Exploits 0, References 1
CVE
added 2022/11/04 12:00 a.m., 76 views

CVE-2022-31691

CVE-2022-31691 affects Spring Tools 4 for Eclipse (STS4) up to 4.16.0 and related VSCode extensions (Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor, Cloudfoundry Manifest YML Support) up to 1.39.0. The root cause is the Snakeyaml YAML editing library, which can allow remote code exe...

CVSS 9.8, AI score 9.7, EPSS 0.12808
Exploits 0, References 1, Affected Software 5
NCSC
added 2022/11/04 12:00 a.m., 3 views

Vulnerabilities fixed in VMware Spring

VMware has fixed vulnerabilities in Spring Security and spring-security-oauth2-client. A malicious party could potentially exploit these vulnerabilities to obtain elevated privileges or to bypass authentication. Only Spring environments using specific configurations are vulnerable. VMware has...

CVSS 9.8, AI score 7, EPSS 0.07387
Exploits 3
GithubExploit
added 2022/11/03 8:35 a.m., 664 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 Demo Overview A simple Spring Boot applicat...

CVSS 9.8, AI score 9.5, EPSS 0.07387
Exploits 3
GithubExploit
added 2022/11/03 8:35 a.m., 454 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 Demo Overview A simple Spring Boot applicat...

CVSS 9.8, AI score 9.5, EPSS 0.07387
Exploits 3
Spring Engineering
added 2022/11/03 7:00 a.m., 11 views

A Bootiful Podcast: Java Champion, legend, and prolific open source contributor Andres Almiray

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Java Champion, legend, and prolific open source contributor Andres Almiray @aalmiray...

AI score 1.6
Exploits 0
Hive Pro Threat Advisories
added 2022/11/02 7:10 a.m., 17 views

Privilege Escalation in VMware spring-security

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: A vulnerability in VMware's Spring Security affects the mapping of permitted scope in spring-security-oauth2-client, allowing privilege escalation...

AI score 3.1
Exploits 0
IBM Security Bulletins
added 2022/11/01 6:28 p.m., 55 views

Security Bulletin: Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary: Cloud Pak for Security CP4S 1.9.1.0 and earlier is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...

CVSS 9.8, AI score 9.1, EPSS 0.94428
Exploits 99, Affected Software 1
vulnersOsv
added 2022/11/01 12:00 p.m., 3 views

cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory (=3.1.0.RELEASE), cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory-conf (=3.1.0.RELEASE) +572 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.0.10.RELEASE <=5.6.8)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.0.10.RELEASE, =1.1.1-alpha, =1.1.1-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.1, =0.3 - cn.itlym:shoulder-security-code =0.3 - cn.itlym:shoulder-starter-auth-server =0.3 -...

CVSS 8.1, AI score 7.2, EPSS 0.00313
Exploits 0
OSV
added 2022/11/01 12:00 p.m., 1 view

GHSA-32VJ-V39G-JH23 spring-security-oauth2-client vulnerable to Privilege Escalation

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1, AI score 5.9, EPSS 0.00313
Exploits 0, References 4
vulnersOsv
added 2022/11/01 12:00 p.m., 4 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (>=j11.2.6.0 <=j11.2.6.1) +1919 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.8)

org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more. Source cves: CVE-2022-31692. Source advisory:...

CVSS 9.8, AI score 6.7, EPSS 0.07387
Exploits 3
Github Security Blog
added 2022/11/01 12:00 p.m., 33 views

Spring Security authorization rules can be bypassed via forward or include dispatcher types

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 9.8, AI score 8.9, EPSS 0.07387
Exploits 3, References 4, Affected Software 1
OSV
added 2022/11/01 12:00 p.m., 0 views

GHSA-MMMH-WCXM-2WR4 Spring Security authorization rules can be bypassed via forward or include dispatcher types

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 9.8, AI score 6.7, EPSS 0.07387
Exploits 3, References 4
vulnersOsv
added 2022/11/01 12:00 p.m., 4 views

au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2391 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.4)

org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...

CVSS 9.8, AI score 6.7, EPSS 0.07387
Exploits 3
vulnersOsv
added 2022/11/01 12:00 p.m., 3 views

cn.kduck:kduck-security-principal (=1.1.3), com.atlassian.connect:atlassian-connect-spring-boot-core (>=3.0.0 <=3.0.10) +338 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.7.1 <=5.7.4)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.7.1, =3.0.0, =3.0.0, =4.3.0, =5.1.3, =5.1.3, =5.1.0, =4.2.0, =0.1.33, =1.18.8, =1.18.8, =2.9 - com.graphql-java-generator:graphql-maven-plugin =1.18.8 and more. Source cves: CVE-2022-31690 https://vulners.com/cve/CVE-2...

CVSS 8.1, AI score 7.2, EPSS 0.00313
Exploits 0
Github Security Blog
added 2022/11/01 12:00 p.m., 36 views

spring-security-oauth2-client vulnerable to Privilege Escalation

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1, AI score 8.3, EPSS 0.00313
Exploits 0, References 5, Affected Software 1
Spring Engineering
added 2022/11/01 1:00 a.m., 81 views

This Week in Spring - November 1st, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I hope you're doing well and had a great Halloween if you celebrate. I'm doing great. I'm in sunny Kuala Lumpur, Malaysia, eating delicious food and hanging out with amazing people. Tomorrow, I'm off to Penang,...

AI score 0.2
Exploits 0
OSV
added 2022/10/31 8:15 p.m., 28 views

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 9.8, AI score 9.3, EPSS 0.07387
Exploits 3, References 2
NVD
added 2022/10/31 8:15 p.m., 21 views

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 9.8, EPSS 0.07387
Exploits 3, References 2