
6525 matches found

vulnersOsv
added 2021/04/27 8:09 p.m. · 3 views

cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +436 more potentially affected by CVE-2021-29441 +1 more via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.0)

com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.0, =1.1, =1.1, =0.0.2, =0.0.2, =1.0.8, =1.4.0, =2021.6.0 - cn.iisme.cloud:iisme-demos-nacos-core =1.0.1 - cn.iisme.cloud:iisme-demos-nacos-web =1.0.1 - cn.iisme.cloud:iisme-gateway-nacos =1.0.1 -...

9.8 CVSS · 7.3 AI score · 0.93923 EPSS
Exploits 3

RedHat Linux
added 2021/04/27 8:47 a.m. · 80 views

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.8.1 patch release and security update

A micro version update from 7.8.0 to 7.8.1 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impac...

8.1 CVSS · 6.7 AI score · 0.04099 EPSS
Exploits 1 · References 5

vulnersOsv
added 2021/04/26 4:04 p.m. · 4 views

org.smartboot.flow:smart-flow-admin (>=1.0.8 <=1.1.4), org.smartboot.servlet:smart-servlet-maven-plugin (>=0.1.9 <=0.6) +1 more potentially affected by CVE-2021-29425 via org.smartboot.servlet:servlet-core (>=0.1.9 <=0.6)

org.smartboot.servlet:servlet-core MAVEN version =0.1.9, =1.0.8, =0.1.9, =0.1.9, =0.6 Source cves: CVE-2021-29425 Source advisory: OSV:GHSA-GWRP-PVRQ-JMWV...

5.8 CVSS · 6.7 AI score · 0.00485 EPSS
Exploits 1

OSV
added 2021/04/23 5:15 p.m. · 16 views

CVE-2021-31408

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1 CVSS · 6.7 AI score · 0.00048 EPSS
Exploits 0 · References 2

Prion
added 2021/04/23 5:15 p.m. · 15 views

Cross site request forgery (csrf)

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

3.3 CVSS · 6.7 AI score · 0.00048 EPSS
Exploits 0 · References 2 · Affected Software 2

vulnersOsv
added 2021/04/22 4:13 p.m. · 3 views

cc.eamon.open:auth (=0.0.2), cn.easyproject:easyshiro-redis-cache (=2.6.0-RELEASE) +770 more potentially affected by CVE-2020-17510 via org.apache.shiro:shiro-spring (>=1.0.0-incubating <=1.6.0)

org.apache.shiro:shiro-spring MAVEN version =1.0.0-incubating, =1.0, =1.0, =1.0.0, =1.0.4 - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE - cn.org.awcp:awcp-metadesigner-applicationImpl =1.0-RELEASE - cn.org.awcp:awcp-unit-application =1.0-RELEASE and more Source cves: CVE-2020-17510...

9.8 CVSS · 7.2 AI score · 0.01799 EPSS
Exploits 0

Github Security Blog
added 2021/04/22 4:13 p.m. · 68 views

Authentication bypass in Apache Shiro

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

9.8 CVSS · 9 AI score · 0.01799 EPSS
Exploits 0 · References 13 · Affected Software 1

OSV
added 2021/04/22 4:13 p.m. · 29 views

GHSA-7CJ4-GJ8M-M2F7 Authentication bypass in Apache Shiro

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

9.8 CVSS · 9.4 AI score · 0.01799 EPSS
Exploits 0 · References 13

OSV
added 2021/04/22 4:11 p.m. · 19 views

GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3 CVSS · 6.7 AI score · 0.00048 EPSS
Exploits 0 · References 4

Github Security Blog
added 2021/04/22 4:11 p.m. · 55 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1 CVSS · 3.4 AI score · 0.00048 EPSS
Exploits 0 · References 5 · Affected Software 1

Vaadin
added 2021/04/20 12:00 a.m. · 24 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1 CVSS · 0.7 AI score · 0.00048 EPSS
Exploits 0 · References 1 · Affected Software 2

vulnersOsv
added 2021/04/19 2:51 p.m. · 2 views

biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), cn.jhc:umeditor-vaadin-js (=0.0.1) +128 more potentially affected by CVE-2021-31403 via com.vaadin:vaadin-server (>=7.0.0 <=7.7.23)

com.vaadin:vaadin-server MAVEN version =7.0.0, =0.5, =1.1, =1.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.2.4 and more Source cves: CVE-2021-31403 Source advisory: OSV:GHSA-75XC-QVXH-27F8...

4 CVSS · 5.8 AI score · 0.00128 EPSS
Exploits 0

OSV
added 2021/04/16 3:15 a.m. · 1 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.5 CVSS · 6.6 AI score
Exploits 0 · References 2

NVD
added 2021/04/16 3:15 a.m. · 11 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.5 CVSS · 0.00258 EPSS
Exploits 0 · References 2

Prion
added 2021/04/16 3:15 a.m. · 17 views

Authentication flaw

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

4 CVSS · 6.4 AI score · 0.00258 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/04/16 3:00 a.m. · 12 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.6 AI score · 0.00258 EPSS
Exploits 0 · References 2

Vulnrichment
added 2021/04/16 3:00 a.m. · 7 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.4 AI score · 0.00258 EPSS
Exploits 0 · References 2

CVE
added 2021/04/16 3:00 a.m. · 119 views

CVE-2021-26074

CVE-2021-26074 affects Atlassian Connect Spring Boot (ACSB) versions 1.1.0 through 2.1.2 (before 2.1.3). The root cause is that ACSB erroneously accepts context JWTs on lifecycle endpoints (e.g., installation) where only server-to-server JWTs should be accepted, enabling an attacker to send authe...

6.5 CVSS · 6.4 AI score · 0.00258 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2021/04/16 12:00 a.m. · 3 views

PT-2021-16941 · Atlassian · Connect Spring Boot

Name of the Vulnerable Software and Affected Versions: Atlassian Connect Spring Boot versions 1.1.0 through 2.1.2 Description: The issue concerns broken authentication in Atlassian Connect Spring Boot, a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassia...

6.5 CVSS · 7.3 AI score · 0.00258 EPSS
Exploits 0 · References 7

CNNVD
added 2021/04/15 12:00 a.m. · 3 views

Atlassian Connect Spring Boot authorization issue vulnerability

Atlassian Connect Spring Boot is an application component from Atlassian Australia. A Spring Boot starter program is provided for building Atlassian Connect add-ons for JIRA Software, Service Desk and Core and Confluence. A security vulnerability exists in Atlassian Connect Spring Boot versions...

6.5 CVSS · 6.5 AI score · 0.00258 EPSS
Exploits 0 · References 3