6599 matches found
SUSE-SU-2022:1294-1 Security update for tomcat
This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137). Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null (bsc#1198136)...
SUSE-SU-2022:1293-1 Security update for tomcat
This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null (bsc#1198136)...
SUSE-SU-2022:1292-1 Security update for tomcat
This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null (bsc#1198136)...
CVE report published for Spring Security OAuth
We have released Spring Security OAuth 2.5.2 to address the following CVE report. CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2. This vulnerability exposes OAuth 2.0 Client applications only. Please review the information in the CVE report and upgrade immediately...
Pivotal Spring Security OAuth Resource Management Error Vulnerability
A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...
PT-2022-15749 · Spring · Spring Security Oauth
Name of the Vulnerable Software and Affected Versions: Spring Security OAuth versions 2.5.x prior to 2.5.2; Spring Security OAuth older unsupported versions. Description: The issue is a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. ...
Oracle MySQL Enterprise Monitor (Apr 2022 CPU)
The version of MySQL Enterprise Monitor installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Log4j)). Supported versions that...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22965
Abstract: Is Sterling Order Management affected by Spring vulnerability CVE-2022-22965? Content: IBM is aware of a recently surfaced vulnerability CVE-2022-22965 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
This Week in Spring - April 19th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs I'll have are the amazing memories and...
VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability
The VMware Spring Framework is prone to a data binding rules vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Boot < 2.5.13, 2.6.x < 2.6.7 Data Binding Rules Vulnerability
VMware Spring Boot is prone to a data binding rules vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
Spring Cloud Gateway Actuator API SpEL Code Injection CVE-202...
A Bootiful Podcast: Cloud guru Tiffany Jernigan
Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks about his first in-person conference since the pandemic descended upon us - the fabulous Devnexus 2022 show - and talks to colleague, teacher, friend, and Kubernetes legend Tiffany Jernigan (@tiffanyfayj)...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +39177 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=1.2.1 <=5.2.20.RELEASE)
org.springframework:spring-context MAVEN version =1.2.1, =1.1, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.0.51 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...
GHSA-G5MM-VMX4-3RG7 Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10762 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=5.3.0 <=5.3.18)
org.springframework:spring-context MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...
SUSE: Security Advisory (SUSE-SU-2022:1217-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...