6525 matches found
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
UBUNTU-CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
Privilege escalation
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-22118
CVE-2021-22118 affects the Spring Framework WebFlux component. The vulnerability exists in Spring Framework versions: 5.2.x prior to 5.2.15 and 5.3.x prior to 5.3.7. An authenticated local attacker can exploit a flaw tied to (re)creating the temporary storage directory to read or modify files upl...
PT-2021-3400 · Unknown · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.x prior to 5.2.15; Spring Framework versions 5.3.x prior to 5.3.7. Description: The issue is caused by privilege management errors in the Spring Framework platform. Exploitation of this issue may allow an attacker ...
Vmware Spring Framework Permissions, Privileges and Access Control Vulnerability
Vmware Spring Framework is an open source Java and JavaEE application framework from the US company Vmware. The framework helps developers build high-quality applications. An elevation of privilege vulnerability exists in Vmware Spring Framework, which can be exploited by an...
com.scoperetail.fusion:fusion-connect (>=0.57 <=0.79), com.scoperetail.fusion:fusion-connect-core (>=0.21 <=0.58) +11 more potentially affected by CVE-2020-11972 via org.apache.camel:camel-rabbitmq (>=3.0.0 <=3.22.4)
org.apache.camel:camel-rabbitmq MAVEN version =3.0.0, =0.57, =0.21, =0.5, =0.1.0, =1.0.0, =0.10.1, =0.10.1, =2.0.0, =1.0.0-M6, =1.0.0-M6, =3.0.0, =3.22.4 - org.springframework.cloud:spring-cloud-contract-sample-camel =4.1.6 Source cves: CVE-2020-11972 Source advisory: OSV:GHSA-2X6R-7427-95CM...
Security Bulletin: Security Bypass Vulnerability in Spring Framework Affects IBM Control Center (CVE-2020-5421)
Summary: Spring Framework vulnerability could allow a remote attacker to bypass security restrictions, caused by improper input validation. Vulnerability Details: CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by...
net.simpledynamics:openid-connect-server-spring-boot-config (>=0.1.0 <=0.1.3), net.simpledynamics:openid-connect-server-spring-boot-samples-default (>=0.1.0 <=0.1.1) +7 more potentially affected by CVE-2021-26715 via org.mitre:openid-connect-server (>=1.1.0 <=1.3.3)
org.mitre:openid-connect-server MAVEN version =1.1.0, =0.1.0, =0.1.0, =0.1.0, =0.11, =1.1.0, =1.2.0, =1.2.0, =1.3.3 Source cves: CVE-2021-26715 Source advisory: OSV:GHSA-792R-MH2Q-P8QP...
Atlassian Connect Spring Boot Authorization Issues Vulnerability
Atlassian Connect Spring Boot is an application component from Atlassian Australia. A Spring Boot starter program is provided for building Atlassian Connect add-ons for JIRA Software, Service Desk and Core and Confluence. An authorization issue vulnerability exists in Atlassian Connect Spring Boo...
cash.muro:cashid4spring (>=0.1.0-alpha <=0.1.0-alpha2), cash.muro:cashidss (=0.1.0-alpha) +710 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=5.4.0 <=5.4.3)
org.springframework.security:spring-security-web MAVEN version =5.4.0, =0.1.0-alpha, =0.1.0-alpha, =0.0.1, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.578.141 and more Source cves: CVE-2021-22112 Source...
br.com.damsete:logging (=0.0.2), br.com.damsete:spring-security-jwt (=0.0.1) +1422 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=5.3.0.RELEASE <=5.3.7.RELEASE)
org.springframework.security:spring-security-web MAVEN version =5.3.0.RELEASE, =1.0.1, =0.5.0.RELEASE, =0.0.1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3, =0.3, =0.3, =0.5 and more Source cves: CVE-2021-22112 Source advisory: OSV:GHSA-GQ28-H5VG-8PRX...
GHSA-GQ28-H5VG-8PRX Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...
Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.11) +4733 more potentially affected by CVE-2021-22112 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.2.8.RELEASE)
org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.3, =0.3, =0.3, =0.6 and more Source cves: CVE-2021-22112 Source advisory: OSV:GHSA-GQ28-H5VG-8PRX...
com.quamto.jira:plugins-base (>=1.1.1-rc <=1.6.1) potentially affected by CVE-2021-26074 via com.atlassian.connect:atlassian-connect-spring-boot-starter (>=1.2.1 <=1.5.0)
com.atlassian.connect:atlassian-connect-spring-boot-starter MAVEN version =1.2.1, =1.1.1-rc, =1.6.1 Source cves: CVE-2021-26074 Source advisory: OSV:GHSA-CPCR-74Q9-74GP...
Broken Authentication in Atlassian Connect Spring Boot
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3. Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...