Authorization
CVE-2018-15758 Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Denial of service
CVE-2018-15756 DoS Attack via Range Requests
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15758
Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.16, and older unsupported versions. The issue, described across connected sources, allows a malicious user to craft a request to a custom app...
CVE-2018-15756
CVE-2018-15756 (Spring Framework) affects Spring Web MVC/WebFlux range-request handling: the ResourceHttpRequestHandler, or returning a Resource from an annotated controller, can be abused by a crafted Range header to trigger a denial-of-service. Affected versions include Spring Framework 5.1, 5.0.x bef...
jp.co.ap-com:spring-oauth2-serializable (=0.0.1) potentially affected by CVE-2016-4977 via org.springframework.security.oauth:spring-security-oauth2 (=2.0.0.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security.oauth:spring-security-oauth2 and may be impacted: -...
GHSA-7Q9C-H23X-65FQ Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2016-4977 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2016-4977 Source advisory: OSV:GHSA-7Q9C-H23X-65FQ...
br.jus.stf.digital:core (>=0.1.0 <=1.6.0), br.jus.stf.digital:test (>=1.0.0 <=1.0.2) +278 more potentially affected by CVE-2018-11087 via org.springframework.amqp:spring-amqp (>=1.0.0.RELEASE <=1.7.0.RELEASE)
org.springframework.amqp:spring-amqp MAVEN version =1.0.0.RELEASE, =0.1.0, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.0, =1.0, =0.9.0, =0.20.0, =1.31.1, =1.35.0 and more Source cves: CVE-2018-11087 Source advisory:...
GHSA-W4G2-9HJ6-5472 Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...
cc.voox:publisher (>=0.1.0.Beta <=2.2.0), cloud.altemista.fwk.integration:cloud-altemistafwk-core-integration-amqp-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +130 more potentially affected by CVE-2018-11087 via org.springframework.amqp:spring-amqp (>=2.0.0.RELEASE <=2.0.5.RELEASE)
org.springframework.amqp:spring-amqp MAVEN version =2.0.0.RELEASE, =0.1.0.Beta, =3.0.0.RELEASE, =3.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =0.1.0-RC1, =1.0.0, =1.0.0, =1.0.0.20191020.beta, =1.0.0.20210917f.beta and more Source cves: CVE-2018-11087 Source advisory: OSV:GHSA-W4G2-9HJ6-5472...
GHSA-XX65-CC7G-9PFP Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
com.github.microwww:mocker-redis-spring-boot-autoconfigure (>=0.0.1 <=3.0.0), com.github.microwww:mocker-redis-spring-boot-starter (>=0.0.1 <=3.0.2-2.8) +79 more potentially affected by CVE-2018-1196 via org.springframework.boot:spring-boot (=1.5.0.RELEASE)
org.springframework.boot:spring-boot MAVEN version =1.5.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.boot:spring-boot and may be impacted: - com.github.microwww:mocker-redis-spring-boot-autoconfigure =0.0.1, =0.0.1,...
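As an added example (not part of the listing above and not code from any of the Spring projects it describes), the following Python checker turns the affected version ranges stated in these entries into an offline lookup for a Maven coordinate and version. Spring-style qualifiers are ordered so that 2.0.0.M7 < 2.0.0.RC1 < 2.0.0.RELEASE (equal to plain 2.0.0), which matters because the Spring Boot entry is bounded by milestone builds. Two things are assumptions rather than page content: the spring-webmvc coordinate for the Spring Framework entry (the page names only the product), and the conservative reading of "older unsupported versions" as everything below 2.0.16 for CVE-2018-15758 and the whole 4.2.x branch for CVE-2018-15756. The sample coordinate list at the bottom is constructed for the demonstration.

```python
"""Check Maven artifact versions against the Spring advisory ranges listed on this page."""
import re
from dataclasses import dataclass

# Spring qualifier order: milestone < release candidate < GA (no qualifier == RELEASE)
QUALIFIER_RANK = {"M": 0, "RC": 1, "RELEASE": 2}


def parse_version(version: str):
    """Map '2.0.0.M7', '1.0.1.RELEASE', '1.1.0-RELEASE' or '5.1' to a sortable key:
    (numeric components padded to three, qualifier rank, qualifier number)."""
    parts = version.replace("-", ".").split(".")
    nums, qualifier = [], None
    for part in parts:
        if part.isdigit():
            nums.append(int(part))
        else:
            qualifier = part.upper()
            break
    while len(nums) < 3:  # '5.1' means the same as '5.1.0'
        nums.append(0)
    if qualifier is None or qualifier == "RELEASE":
        return (tuple(nums), QUALIFIER_RANK["RELEASE"], 0)
    m = re.fullmatch(r"(M|RC)(\d+)", qualifier)
    if m is None:  # snapshots and other qualifiers are deliberately rejected
        raise ValueError(f"unsupported version qualifier in {version!r}")
    return (tuple(nums), QUALIFIER_RANK[m.group(1)], int(m.group(2)))


@dataclass(frozen=True)
class Affected:
    """One affected range: lo <= v < hi, or lo <= v <= hi when hi_inclusive."""
    cve: str
    lo: str
    hi: str
    hi_inclusive: bool = False

    def contains(self, version: str) -> bool:
        key = parse_version(version)
        if key < parse_version(self.lo):
            return False
        hi = parse_version(self.hi)
        return key <= hi if self.hi_inclusive else key < hi


# Ranges transcribed from the entries above. A lower bound of "0" models the
# advisories' "older unsupported versions" / "1.5.9 and earlier" wording.
ADVISORIES = {
    "org.springframework.security.oauth:spring-security-oauth2": [
        Affected("CVE-2018-15758", "0", "2.0.16"),
        Affected("CVE-2018-15758", "2.1.0", "2.1.3"),
        Affected("CVE-2018-15758", "2.2.0", "2.2.3"),
        Affected("CVE-2018-15758", "2.3.0", "2.3.4"),
        Affected("CVE-2016-4977", "1.0.0", "1.0.5", hi_inclusive=True),
        Affected("CVE-2016-4977", "2.0.0", "2.0.9", hi_inclusive=True),
    ],
    # assumed coordinate: the page says only "Spring Framework" / ResourceHttpRequestHandler
    "org.springframework:spring-webmvc": [
        Affected("CVE-2018-15756", "4.2.0", "4.3.20"),   # 4.2.x branch plus 4.3.x before 4.3.20
        Affected("CVE-2018-15756", "5.0.0", "5.0.10"),
        Affected("CVE-2018-15756", "5.1.0", "5.1.0", hi_inclusive=True),  # "version 5.1"
    ],
    "org.springframework.amqp:spring-amqp": [
        Affected("CVE-2018-11087", "1.0.0", "1.7.10"),
        Affected("CVE-2018-11087", "2.0.0", "2.0.6"),
    ],
    "org.springframework.boot:spring-boot": [
        Affected("CVE-2018-1196", "0", "1.5.9", hi_inclusive=True),
        Affected("CVE-2018-1196", "2.0.0.M1", "2.0.0.M7", hi_inclusive=True),
    ],
}


def check(artifact: str, version: str):
    """Return the sorted CVE ids from this page whose ranges contain version."""
    return sorted({a.cve for a in ADVISORIES.get(artifact, []) if a.contains(version)})


def scan(coordinates_text: str):
    """Scan 'groupId:artifactId:version' lines and return {line: [cve, ...]} for hits."""
    findings = {}
    for line in coordinates_text.splitlines():
        line = line.strip()
        if not line:
            continue
        group, artifact, version = line.rsplit(":", 2)
        hits = check(f"{group}:{artifact}", version)
        if hits:
            findings[line] = hits
    return findings


# constructed sample input (not taken from any real build); one coordinate per line
SAMPLE_COORDINATES = """
org.springframework.security.oauth:spring-security-oauth2:2.0.0.RELEASE
org.springframework.boot:spring-boot:2.0.0.M7
org.springframework.amqp:spring-amqp:1.7.10
org.springframework:spring-webmvc:5.1.0.RELEASE
"""

if __name__ == "__main__":
    for coordinate, cves in scan(SAMPLE_COORDINATES).items():
        print(f"{coordinate}: {', '.join(cves)}")
```

The checker rejects snapshot and other non-Spring qualifiers with a ValueError rather than guessing an order for them; when feeding it a real dependency tree, treat such versions as needing manual review.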