
6525 matches found

UbuntuCve
added 2021/06/29 5:15 p.m., 38 views

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

CVSS 7.5, AI score 6.8, EPSS 0.04895
Exploits: 0, References: 2

Prion
added 2021/06/29 5:15 p.m., 34 views

Authorization

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

CVSS 5, AI score 7.5, EPSS 0.04895
Exploits: 0, References: 9, Affected Software: 2

Cvelist
added 2021/06/29 4:15 p.m., 24 views

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

AI score 7.9, EPSS 0.04895
Exploits: 0, References: 9

CVE
added 2021/06/29 4:15 p.m., 170 views

CVE-2021-22119

CVE-2021-22119 affects Spring Security: DoS via initiation of OAuth 2.0 Authorization Requests in Web and WebFlux clients. Affected versions include 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10, and 5.2.x before 5.2.11. Impact is denial of service (resource exhaustion) with a singl...

CVSS 7.5, AI score 7.4, EPSS 0.04895
Exploits: 0, References: 9, Affected Software: 1

CNVD
added 2021/06/29 12:00 a.m., 16 views

JetLinks open source IoT platform suffers from weak password vulnerability

The JetLinks open source Internet of Things platform, built on Java 8, Spring Boot 2.x, WebFlux, Netty, Vert.x, Reactor and other technologies, is an out-of-the-box, enterprise-class Internet of Things infrastructure platform that supports secondary development. JetLinks open source IoT platform has a weak...

AI score 7
Exploits: 0

RedhatCVE
added 2021/06/28 9:16 p.m., 68 views

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

CVSS 7.5, AI score 2.8, EPSS 0.04895
Exploits: 0, References: 3

CNNVD
added 2021/06/28 12:00 a.m., 2 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in Spring Security that allows an attacker to send multiple requests to initiate authorization requests granted by the...

CVSS 7.5, AI score 6.5, EPSS 0.04895
Exploits: 0, References: 15

RedhatCVE
added 2021/06/22 5:07 p.m., 86 views

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

CVSS 7.8, AI score 3.5, EPSS 0.00253
Exploits: 0, References: 5

Gitee
added 2021/06/17 12:07 a.m., 4 views

SpringBootVulExploit

It is an offensive tool for Spring Boot exploitation. The repository contains a collection of exploits and techniques for exploiting Spring Boot applications, including: Spring Boot Vulnerability Exploit Check List: a checklist for identifying vulnerabilities in Spring Boot applications...

AI score 7.8
Exploits: 0

OSV
added 2021/06/16 5:23 p.m., 17 views

GHSA-2X7V-W2MV-F3RX Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

CVSS 8.8, AI score 8.6, EPSS 0.00388
Exploits: 1, References: 3

Github Security Blog
added 2021/06/16 5:23 p.m., 48 views

Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

CVSS 9.1, AI score 4.6, EPSS 0.00388
Exploits: 1, References: 4, Affected Software: 1

Talos Blog
added 2021/06/10 5:00 a.m., 48 views

Quarterly Report: Incident Response trends from Spring 2021

By David Liebenberg and Caitlin Huey. While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter. These... This is only t...

AI score 1.4
Exploits: 0

NVD
added 2021/06/04 8:15 p.m., 9 views

CVE-2021-29500

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5, EPSS 0.0011
Exploits: 0, References: 1

OSV
added 2021/06/04 8:15 p.m., 15 views

CVE-2021-29500

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5, AI score 6.7
Exploits: 0, References: 1

Prion
added 2021/06/04 8:15 p.m., 9 views

Design/Logic Flaw

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 5, AI score 7.5, EPSS 0.0011
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/06/04 8:05 p.m., 10 views

CVE-2021-29500 Missing validation of JWT signature

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5, AI score 7.7, EPSS 0.0011
Exploits: 0, References: 1

CVE
added 2021/06/04 8:05 p.m., 135 views

CVE-2021-29500

The CVE-2021-29500 issue affects the bubble-fireworks project (fxbin/bubble-fireworks) in BUILD-SNAPSHOT builds. The root cause is improper verification of JSON Web Token signatures in the library’s JWT handling, which enables forgery of valid JWTs. Affected component: bubble-fireworks-core/JWT v...

CVSS 7.5, AI score 7.5, EPSS 0.0011
Exploits: 0, References: 1, Affected Software: 1

GitLab Advisory Database
added 2021/06/04 12:00 a.m., 18 views

Improper Verification of Cryptographic Signature

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5, AI score 2.9, EPSS 0.0011
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2021/05/28 2:27 a.m., 24 views

Privilege Escalation

spring-web is vulnerable to privilege escalation. Creating or recreating the temporary storage directory creates multiple instances collision which allows a locally authenticated malicious user to read or modify files being uploaded or overwrite arbitrary files with multipart request data...

CVSS 7.8, AI score 3.2, EPSS 0.00253
Exploits: 0, References: 9, Affected Software: 1

CNVD
added 2021/05/28 12:00 a.m., 11 views

VMware Spring Framework Elevation of Privilege Vulnerability

VMware Spring Framework is an open source Java and Java EE application framework from VMware, a United States company. The framework helps developers build high-quality applications. An elevation of privilege vulnerability exists in VMware Spring Framework, which can be exploited by an...

CVSS 7.8, AI score 6.7, EPSS 0.00253
Exploits: 0, References: 1