6525 matches found

Github Security Blog
added 2019/06/13 8:18 p.m., 48 views

Open Redirect in Spring Security OAuth

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 5.8 | AI score 3.1 | EPSS 0.06347
Exploits 4 | References 5 | Affected Software 1
OSV
added 2019/06/12 3:29 p.m., 20 views

CVE-2019-11269

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 5.4 | AI score 6.7 | EPSS 0.06347
Exploits 4 | References 3
NVD
added 2019/06/12 3:29 p.m., 19 views

CVE-2019-11269

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 5.8 | AI score 4.8 | EPSS 0.06347
Exploits 4 | References 3
Prion
added 2019/06/12 3:29 p.m., 18 views

Authorization

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 5.8 | AI score 5.7 | EPSS 0.06347
Exploits 4 | References 3 | Affected Software 2
CVE
added 2019/06/12 2:46 p.m., 132 views

CVE-2019-11269

CVE-2019-11269 affects Spring Security OAuth; an open-redirect at the authorization endpoint (redirect_uri) can leak the authorization code. Affected versions: 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, 2.0 before 2.0.18, and older unsupported versions. Attack requires a crafted reques...

CVSS 5.8 | AI score 5.1 | EPSS 0.06347
Exploits 4 | References 3 | Affected Software 1
Cvelist
added 2019/06/12 2:46 p.m., 21 views

CVE-2019-11269 Open Redirector in spring-security-oauth2

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 4.2 | AI score 6 | EPSS 0.06347
Exploits 4 | References 3
Hacker One
added 2019/06/12 3:02 a.m., 29 views

Internet Bug Bounty: Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem

I've been exploring the industry-wide scope of the use of HTTP to resolve dependencies in build infrastructure across the industry. What I unearthed was that some of the most popular libraries and two compilers were impacted by this vulnerability. Vulnerability CWE-829: Inclusion of Functionality...

AI score 7.1
Exploits 0
RedhatCVE
added 2019/06/06 7:20 a.m., 27 views

CVE-2019-10158

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...

CVSS 9.8 | AI score 3.1 | EPSS 0.00509
Exploits 0 | References 3
vulnersOsv
added 2019/06/04 3:42 p.m., 0 views

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +493 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.21.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-XGGX-FX6W-V7CH...

CVSS 5.3 | AI score 6.1 | EPSS 0.00243
Exploits 0
vulnersOsv
added 2019/06/04 3:42 p.m., 3 views

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +1138 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.1.7.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.21 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-derby =2.0 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-h2 =2.0 -...

CVSS 5.3 | AI score 6.1 | EPSS 0.00243
Exploits 0
OSV
added 2019/06/04 3:42 p.m., 13 views

GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5.3 | AI score 5.4 | EPSS 0.00243
Exploits 0 | References 2
Github Security Blog
added 2019/06/04 3:42 p.m., 36 views

Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5.3 | AI score 3.8 | EPSS 0.00243
Exploits 0 | References 3 | Affected Software 1
vulnersOsv
added 2019/06/04 3:42 p.m., 2 views

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +690 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.7.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.1, =0.0.8 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-X...

CVSS 5.3 | AI score 6.1 | EPSS 0.00243
Exploits 0
Prion
added 2019/06/03 2:29 p.m., 15 views

Design/Logic Flaw

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5 | AI score 5.4 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1
NVD
added 2019/06/03 2:29 p.m., 9 views

CVE-2019-3802

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5.3 | AI score 4.3 | EPSS 0.00243
Exploits 0 | References 1
Cvelist
added 2019/06/03 1:47 p.m., 13 views

CVE-2019-3802 Additional information exposure with Spring Data JPA example matcher

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 3.5 | AI score 5.1 | EPSS 0.00243
Exploits 0 | References 1
CVE
added 2019/06/03 1:47 p.m., 109 views

CVE-2019-3802

CVE-2019-3802 affects Spring Data JPA up to versions 2.1.6, 2.0.14, and 1.11.20. Affected component is ExampleMatcher using StringMatcher.STARTING, StringMatcher.ENDING, or StringMatcher.CONTAINING, where crafted example values could return more results than intended. Multiple connected sources c...

CVSS 5.3 | AI score 4.8 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1
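The Spring Data JPA entries for CVE-2019-3802 above all say the same thing: an ExampleMatcher in STARTING, ENDING or CONTAINING mode can return more rows than the caller expects when the example value is crafted. The mechanism is that those modes feed the example value into a SQL LIKE pattern, and LIKE treats % and _ as wildcards rather than as literal characters. The block below is an added illustration, not Spring Data JPA's own code and not the fix shipped in 2.1.7/2.0.15/1.11.21. It assumes the patterns are built as v%, %v and %v% for the three modes, uses a backslash as the LIKE escape character, and runs against a constructed list of names standing in for a last_name column; the LIKE evaluator is a stand-in for the database.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration, not Spring Data JPA code. Assumption: STARTING, ENDING and
// CONTAINING turn an example value v into the LIKE patterns v%, %v and %v%.
// If v itself contains % or _ those characters are interpreted as wildcards,
// so a caller who supplies "%" as a last name gets every row back.
public final class LikeWildcardDemo {

    enum StringMatcher { STARTING, ENDING, CONTAINING }

    /** Builds the LIKE pattern the way a naive matcher does: no escaping. */
    static String naivePattern(StringMatcher m, String value) {
        switch (m) {
            case STARTING: return value + "%";
            case ENDING:   return "%" + value;
            default:       return "%" + value + "%";
        }
    }

    /** Escapes \, % and _ in user input so they match literally under ESCAPE '\'. */
    static String escapeLike(String value) {
        return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
    }

    /** Hardened variant: escape the caller-supplied value before adding wildcards. */
    static String safePattern(StringMatcher m, String value) {
        return naivePattern(m, escapeLike(value));
    }

    /** Minimal evaluator for SQL LIKE semantics with '\' as the escape character. */
    static boolean like(String text, String pattern) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            char c = pattern.charAt(i);
            if (c == '\\' && i + 1 < pattern.length()) {
                re.append(Pattern.quote(String.valueOf(pattern.charAt(++i)))); // escaped literal
            } else if (c == '%') {
                re.append(".*");
            } else if (c == '_') {
                re.append('.');
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString(), Pattern.DOTALL).matcher(text).matches();
    }

    static long countMatches(List<String> rows, String pattern) {
        return rows.stream().filter(r -> like(r, pattern)).count();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a last_name column.
        List<String> lastNames = List.of("Smith", "Smythe", "S_mith", "Jones", "100%");
        // Probe values: a normal prefix, then the wildcard characters on their own.
        String[] probes = { "Smi", "%", "_", "100%", "S_m" };
        for (StringMatcher m : StringMatcher.values()) {
            for (String p : probes) {
                String naive = naivePattern(m, p);
                String safe = safePattern(m, p);
                System.out.printf("%-10s value=%-5s naive %-8s -> %d rows | escaped %-10s -> %d rows%n",
                        m, p, naive, countMatches(lastNames, naive), safe, countMatches(lastNames, safe));
            }
        }
    }
}
```

Compile and run with `javac LikeWildcardDemo.java && java LikeWildcardDemo`. The "%" and "_" probes show the problem: unescaped, STARTING with "%" becomes the pattern "%%" and returns all five rows, while the escaped pattern "\%%" matches only names that literally begin with a percent sign. The escape helper only helps if the generated query also declares the same escape character (the ESCAPE clause), which is the part that depends on the persistence layer rather than on the helper.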
RedhatCVE
added 2019/05/31 8:52 a.m., 24 views

CVE-2019-11269

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

CVSS 5.8 | AI score 3.4 | EPSS 0.06347
Exploits 4 | References 4
Veracode
added 2019/05/31 5:11 a.m., 32 views

Open Redirection

spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirect_uri parameter and redirect users to a malicious site to steal confidential information such as the authorization code, username and password...

CVSS 5.4 | AI score 5.6 | EPSS 0.06347
Exploits 4 | References 3 | Affected Software 1
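The CVE-2019-11269 entries above (the Spring Security OAuth advisory text and the Veracode summary of the same issue) describe one root cause: the authorization endpoint honouring a redirect_uri that is not exactly one the client registered, so the browser delivers the authorization code to a host the attacker controls. The block below is an added illustration, not Spring Security OAuth's own matching logic and not the fix shipped in 2.3.6/2.2.5/2.1.5/2.0.18. The registered callback, the probe URLs and the two method names are assumptions; it contrasts an exact scheme/host/port/path comparison with a prefix check and prints which crafted values each one accepts.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Optional;

// Added illustration, not Spring Security OAuth code. An authorization endpoint
// must only send the code to a redirect_uri that the client registered in
// advance, compared exactly after normalisation. Anything looser (prefix or
// host-only matching) lets an attacker craft an authorize request whose
// redirect_uri points at a host they control.
public final class RedirectUriCheck {

    /** Hypothetical registered client: the exact callback URI allowed for it. */
    static final List<String> REGISTERED = List.of("https://app.example.com/login/oauth2/code/demo");

    /** Returns the redirect target to use, or empty if the request must be refused. */
    static Optional<String> resolveRedirect(String requested) {
        URI uri;
        try {
            uri = new URI(requested).normalize(); // collapses /../ segments
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // Refuse anything that is not absolute https, or that carries userinfo
        // or a fragment; both are classic ways to confuse a string matcher.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null
                || uri.getRawUserInfo() != null || uri.getRawFragment() != null) {
            return Optional.empty();
        }
        for (String registered : REGISTERED) {
            URI reg = URI.create(registered);
            boolean same = reg.getScheme().equalsIgnoreCase(uri.getScheme())
                    && reg.getHost().equalsIgnoreCase(uri.getHost())
                    && reg.getPort() == uri.getPort()
                    && reg.getPath().equals(uri.getPath());
            if (same) {
                // Redirect to the registered value, never to the attacker-controlled string.
                return Optional.of(registered);
            }
        }
        return Optional.empty();
    }

    /** Weak variant for contrast: "starts with the registered origin", which an attacker defeats. */
    static Optional<String> resolveRedirectByPrefix(String requested) {
        String origin = "https://app.example.com";
        return requested.startsWith(origin) ? Optional.of(requested) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed probes: one legitimate callback and four crafted values.
        String[] probes = {
            "https://app.example.com/login/oauth2/code/demo",
            "https://app.example.com.evil.test/login/oauth2/code/demo",
            "https://app.example.com/login/oauth2/code/demo/../../../open?to=https://evil.test",
            "https://app.example.com@evil.test/login/oauth2/code/demo",
            "https://evil.test/collect",
        };
        for (String p : probes) {
            System.out.printf("%-85s exact=%-5s prefix=%s%n", p,
                    resolveRedirect(p).isPresent(), resolveRedirectByPrefix(p).isPresent());
        }
    }
}
```

Compile and run with `javac RedirectUriCheck.java && java RedirectUriCheck`. Only the first probe passes the exact check; the prefix check also accepts the host-suffix value, the path-traversal value and the userinfo value, each of which ends up with the browser at evil.test carrying the code. When registering callbacks, register full URIs and compare them whole; when the client legitimately needs several callbacks, register each one rather than a pattern.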
Veracode
added 2019/05/29 2:34 a.m., 12 views

Insecure Session Management

infinispan spring-core contains insecure session management. In AbstractInfinispanSessionRepository.java, when getId returns a different value from getOriginalId, the original session is not deleted. An attacker can reuse the original ID to gain access to the application as the user...

AI score 6.9
Exploits 0
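The Veracode and RedhatCVE entries above for CVE-2019-10158 describe a session repository that, when a session's getId() no longer equals its getOriginalId(), writes the session under the new id but never deletes the entry stored under the original id. The block below is an added illustration of that bug class, not Infinispan's or Spring Session's code; the repository interface, the session class and the "fixed-by-attacker" id are assumptions. It stores a session, rotates its id after a simulated login, and then checks whether the pre-login id still resolves to the authenticated session in a leaky repository and in one that removes the original entry.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration, not Infinispan or Spring Session code. After a session
// rotates its id (session fixation protection on login), the repository sees
// getId() != getOriginalId(). If it stores the new id but forgets to delete the
// original entry, the id the attacker planted before login keeps working.
public final class SessionIdRotationDemo {

    static final class Session {
        private final String originalId;
        private String id;
        final Map<String, Object> attributes = new HashMap<>();

        Session(String id) { this.originalId = id; this.id = id; }
        String getId() { return id; }
        String getOriginalId() { return originalId; }
        String changeSessionId() { id = UUID.randomUUID().toString(); return id; }
    }

    interface Repository {
        void save(Session s);
        Session findById(String id);
    }

    /** Vulnerable: stores under the current id only; the original entry survives. */
    static final class LeakyRepository implements Repository {
        final Map<String, Session> store = new HashMap<>();
        public void save(Session s) { store.put(s.getId(), s); }
        public Session findById(String id) { return store.get(id); }
    }

    /** Fixed: when the id was rotated, remove the entry stored under the original id. */
    static final class RotatingRepository implements Repository {
        final Map<String, Session> store = new HashMap<>();
        public void save(Session s) {
            if (!s.getId().equals(s.getOriginalId())) {
                store.remove(s.getOriginalId());
            }
            store.put(s.getId(), s);
        }
        public Session findById(String id) { return store.get(id); }
    }

    /** Attacker knows the pre-login id; victim logs in; does the old id still resolve to the victim's session? */
    static boolean oldIdStillAuthenticated(Repository repo) {
        Session s = new Session("fixed-by-attacker"); // hypothetical id planted by the attacker
        repo.save(s);                                  // anonymous session stored under that id
        s.attributes.put("user", "victim");            // victim authenticates
        s.changeSessionId();                           // framework rotates the id
        repo.save(s);
        Session viaOldId = repo.findById("fixed-by-attacker");
        return viaOldId != null && "victim".equals(viaOldId.attributes.get("user"));
    }

    public static void main(String[] args) {
        System.out.println("leaky repository, old id authenticated: " + oldIdStillAuthenticated(new LeakyRepository()));
        System.out.println("fixed repository, old id authenticated: " + oldIdStillAuthenticated(new RotatingRepository()));
    }
}
```

Compile and run with `javac SessionIdRotationDemo.java && java SessionIdRotationDemo`: the leaky repository prints true, the fixed one false. The check to carry into a real integration is the same one the fixed save() makes: on every save, compare the current id with the id the session was loaded under, and delete the old entry when they differ.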