pgjdbc Does Not Check Class Instantiation when providing Plugin Classes

Impact pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...

club.javafamily:javafamily-utils-all (>=2.3.2-beta.3 <=2.3.2-beta.4), club.javafamily:javafamily-utils-pdf-itext (>=2.3.2-beta.3 <=2.3.2-beta.4) +213 more potentially affected by CVE-2022-24196 via com.itextpdf:itext7-core (>=7.0.4 <=7.1.16)

com.itextpdf:itext7-core MAVEN version =7.0.4, =2.3.2-beta.3, =2.3.2-beta.3, =1.6.0, =0.0.30, =0.1, =1.0, =1.0, =1.0, =1.1 - com.houkunlin.easypoi:easypoi-base =5.0.2 - com.houkunlin.easypoi:easypoi-spring-boot-starter =5.0.2 - com.houkunlin.easypoi:easypoi-web =5.0.2 -...

GHSA-GH38-X2WM-XMC8 Code injection in ShenYu

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

Mageia: Security Advisory (MGASA-2014-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0235)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache ShenYu 代码注入漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

JavaQuarkBBS Cross-Site Scripting Vulnerability

JavaQuarkBbs is a simple Java community based on Spring Boot implementation in China.JavaQuarkBBS in v2 and its previous versions suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit thi...

com.hazelcast.jet.contrib:hazelcast-jet-spring-boot-starter (>=2.0.0 <=2.0.1), com.hazelcast.jet.contrib:http (=0.1) +57 more potentially affected by unknown CVE via com.hazelcast.jet:hazelcast-jet (>=4.1 <=4.5.2)

com.hazelcast.jet:hazelcast-jet MAVEN version =4.1, =2.0.0, =4.1, =4.3, =4.1, =4.1, =4.2, =4.1, =4.1, =4.1, =4.1, =4.4, =4.1, =4.5.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V57X-GXFJ-484Q...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring. Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could...

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-22096)

Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed the vulnerability. Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a...

ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +7542 more potentially affected by CVE-2021-22060 via org.springframework:spring-core (>=5.2.0.RELEASE <=5.2.18.RELEASE)

org.springframework:spring-core MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.1.RELEASE and more Source cves:...

ai.test.sdk:test-ai-appium (>=0.0.1 <=0.1.0), app.commerce-io:spring-boot-starter-data-search-core (>=1.1.0 <=1.3.0-RC1) +7307 more potentially affected by CVE-2021-22060 via org.springframework:spring-core (>=5.3.0 <=5.3.13)

org.springframework:spring-core MAVEN version =5.3.0, =0.0.1, =1.1.0, =1.1.0, =0.0.1, =0.3.0, =1.13.0, =1.13.0, =1.3.2.RELEASE, =1.3.1.RELEASE, =1.3.1.RELEASE, =2.2.37, =0.5.3, =0.1.2, =0.1.8 and more Source cves: CVE-2021-22060 Source advisory: OSV:GHSA-6GF2-PVQW-37PH...

GHSA-6GF2-PVQW-37PH Log entry injection in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

Log entry injection in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

VulnCheck KEV: CVE-2020-5410

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

DEBIAN-CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

UBUNTU-CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...