
6525 matches found

RedHat Linux
added 2021/10/28 7:52 a.m. | 44 views

Moderate: Red Hat Security Advisory: Red Hat support for Spring Boot 2.4.9 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

CVSS 7.5 | AI score 6.6 | EPSS 0.12123
Exploits: 0 | References: 5

CNNVD
added 2021/10/28 12:0 a.m. | 2 views

Spring Cloud OpenFeign Security Vulnerability

Vmware Spring Cloud OpenFeign is an open source, declarative Rest client for Spring Boot applications from Vmware, USA. A security vulnerability exists in Spring Cloud OpenFeign, which stems from the use of type-level "@RequestMapping" annotations on the Feign client interface in RELEASE and...

CVSS 7.5 | AI score 7.7 | EPSS 0.00328
Exploits: 0 | References: 2

CNNVD
added 2021/10/28 12:0 a.m. | 3 views

Spring AMQP Code Issue Vulnerability

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. Spring AMQP suffers from a security vulnerability that stems from a Spring AMQP Message object that will deserialize a message body with content type application/x-java-serialized-object i...

CVSS 6.8 | AI score 6.4 | EPSS 0.00434
Exploits: 0 | References: 2

CNNVD
added 2021/10/28 12:0 a.m. | 2 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in Spring Data REST that stems from the additional disclosure of HTTP resources under the uri for custom controller...

CVSS 5.3 | AI score 5.7 | EPSS 0.00315
Exploits: 0 | References: 2

Positive Technologies
added 2021/10/28 12:0 a.m. | 2 views

PT-2021-14845 · Spring · Spring Cloud Openfeign

Name of the Vulnerable Software and Affected Versions: Spring Cloud OpenFeign versions 2.2.0.RELEASE through 2.2.9.RELEASE Spring Cloud OpenFeign versions 3.0.0 through 3.0.4 Description: The issue affects applications using type-level @RequestMapping annotations over Feign client interfaces,...

CVSS 7.5 | AI score 7.9 | EPSS 0.00328
Exploits: 0 | References: 4

CNNVD
added 2021/10/26 12:0 a.m. | 3 views

Vmware Spring Framework Security Vulnerability

Vmware Spring Framework is an open source Java and JavaEE application framework from Vmware, USA. The framework helps developers build high-quality applications. A security vulnerability exists in Vmware Spring Framework that originates from bypassing Spring Framework...

CVSS 4.3 | AI score 6.5 | EPSS 0.00221
Exploits: 0 | References: 15

Tenable Nessus
added 2021/10/20 12:0 a.m. | 45 views

Oracle MySQL Enterprise Monitor (Oct 2021 CPU)

The 8.0.25 versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Spring Security. Supported...

CVSS 9 | AI score 6.5 | EPSS 0.01865
Exploits: 2 | References: 7

IBM Security Bulletins
added 2021/10/18 2:25 p.m. | 101 views

Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities

Summary IBM Security Risk Manager on CP4S has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

CVSS 8.7 | AI score 0.6 | EPSS 0.63828
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2021/10/18 6:30 a.m. | 27 views

Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator

Summary A vulnerability exists in Spring Framework version used by IBM Watson Machine Learning Accelerator. Spring framework upgrade to version 5.2.15 which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Sprin...

CVSS 7.8 | AI score 0.9 | EPSS 0.00253
Exploits: 0 | Affected Software: 1

Gitee
added 2021/10/17 12:0 a.m. | 1 views

SpringBootVulExploit

This repository is an offensive tool for Spring Boot exploitation, specifically targeting various vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can lead to remote code execution (RCE). The...

AI score 8.5
Exploits: 0

IBM Security Bulletins
added 2021/10/11 6:12 p.m. | 61 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-20227 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a...

CVSS 8.8 | AI score 10 | EPSS 0.85239
Exploits: 35 | Affected Software: 1

Positive Technologies
added 2021/10/10 12:0 a.m. | 6 views

PT-2022-1950

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47-alt1 through 2.4.57-alt2; Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+. Description: The Apache HTTP Server is affected by HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)...

CVSS 10 | AI score 7.7 | EPSS 0.94461
Exploits: 68 | References: 88

Gitee
added 2021/10/09 4:9 p.m. | 2 views

SpringBootVulExploit

This repository is an offensive tool for Spring Boot exploitation. It contains various modules and scripts that can be used to exploit vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can b...

AI score 8.2
Exploits: 0

Trend Micro Simply Security
added 2021/10/08 12:0 a.m. | 13 views

Demo: A Guide to Virtual Machine App Security

Enhance your virtual machine (VM) application security from vulnerabilities in your Spring Framework Java application by reviewing these guidelines...

AI score 2.4
Exploits: 0

Trend Micro Simply Security
added 2021/10/08 12:0 a.m. | 11 views

Demo: A Guide to Virtual Machine App Security

Enhance your virtual machine (VM) application security from vulnerabilities in your Spring Framework Java application by reviewing these guidelines...

AI score 7.1
Exploits: 0

OSV
added 2021/09/20 8:18 p.m. | 17 views

GHSA-F6JP-J6W3-W9HM Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVSS 9.8 | AI score 9.4 | EPSS 0.49287
Exploits: 0 | References: 5

Github Security Blog
added 2021/09/20 8:18 p.m. | 35 views

Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVSS 9.8 | AI score 2.9 | EPSS 0.49287
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2021/09/20 7:39 p.m. | 28 views

CVE-2021-41303

A flaw was found in Apache Shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability...

CVSS 9.8 | AI score 1.5 | EPSS 0.49287
Exploits: 0 | References: 3

Veracode
added 2021/09/20 10:5 a.m. | 23 views

Authentication Bypass

Apache Shiro Web is vulnerable to authentication bypass. An unhandled HTTP request causes an authentication bypass while using it with Spring Boot...

CVSS 9.8 | AI score 1.4 | EPSS 0.49287
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2021/09/17 6:15 p.m. | 7 views

CVE-2020-12083

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 7.11.0-64...

CVSS 9.9 | EPSS 0.00511
Exploits: 0 | References: 1