6525 matches found
CVE-2020-11989
In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2020-11971
Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, and 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0. Mitigation: the JMX instrumentation agent is the vulnerable component; if it is not being used, it can be disabled in the following ways: As a...
Exploit for Path Traversal in VMware Spring_Cloud_Config
CVE-2020-5410 Spring Cloud Config directory traversal vulnera...
ai.foremast.metrics:foremast-spring-4x-k8s-metrics (>=0.1.6 <=0.2.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.10 <=0.1.12) +9746 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (>=4.2.0.RELEASE <=4.3.1.RELEASE)
org.springframework:spring-core MAVEN version =4.2.0.RELEASE, =0.1.6, =0.1.10, =0.1.6, =0.1.4-SB1X, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =4.2.1, =4.4.1, =9.1.1, =0.0.1, =1.0.0.RELEASE, =1.1.0.RELEASE and more Source cves: CVE-2018-15756 Source advisory: OSV:GHSA-FFVQ-7W96-97P7...
am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...
Denial of Service in Spring Framework
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
GHSA-FFVQ-7W96-97P7 Denial of Service in Spring Framework
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
ai.hyacinth.framework:core-service-admin-server (>=0.5.8 <=0.5.21), ai.hyacinth.framework:core-service-api-support (>=0.5.8 <=0.5.21) +3175 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (>=5.1.0.RELEASE <=5.1.19.RELEASE)
org.springframework:spring-core MAVEN version =5.1.0.RELEASE, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.8, =0.5.21 and more Source cves: CVE-2018-15756 Source advisory: OSV:GHSA-FFVQ-7W96-97P7...
com.erudika:para-jar (=1.31.0), com.erudika:para-server (=1.31.0) +82 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (=5.1.0.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.erudika:para-jar =1.31.0 - com.erudika:para-serv...
GHSA-2PPP-9496-P23Q Insufficient Entropy in Spring Security
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...
Insufficient Entropy in Spring Security
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...
com.buession.cas:buession-cas-audit (>=2.0.0 <=2.2.1), com.buession.cas:buession-cas-captcha (>=2.0.0 <=2.2.1) +624 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE, =2.0.0, =2.0.0, =1.1.1, =1.1.1, =2.0.0, =1.1.1, =2.3.0, =1.1.1, =2.0.0, =2.0.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =2.0.0, =2.3.3 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
ch.rasc:wamp2spring-security (=1.0.0), cn.springcloud.gray:spring-cloud-gray-server (>=B.0.0.1 <=B.0.0.6) +209 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.2, =B.0.0.1, =2.21.8, =0.3.0, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
ai.hyacinth.framework:core-service-gateway-server (=0.5.24), au.org.consumerdatastandards:data-holder (>=1.0.0 <=1.12.0) +1476 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.3.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =1.0.0, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 - br.com.damsete:logging =0.0.1 - cc.cc4414:cc-spring-auth-server =0.5.1 - cc.cc4414:cc-spring-resource-starter =0.5.1 -...
ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2637 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.15.RELEASE)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
jackson-databind: Serialization gadgets in org.springframework:spring-aop
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
VMware Spring Batch Code Execution Vulnerability
VMware Spring Batch is a lightweight framework for parallel processing of large amounts of data from VMware. A code execution vulnerability exists in the Jackson configuration in VMware Spring Batch versions 4.0.0 through 4.0.4, 4.1.0 through 4.1.4, and 4.2.0 through 4.2.2, which can be exploited...
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...
Deserialization of untrusted data
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...