6517 matches found
Possible privilege escalation in org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a...
ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +3026 more potentially affected by CVE-2018-1271 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.4.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =2.0.7.RELEASE and...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +20817 more potentially affected by CVE-2018-1271 via org.springframework:spring-core (>=1.2 <=4.3.14.RELEASE)
org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.4-SB1X, =0.1.0, =4.2.1, =4.4.1, =0.1.0, =1.0, =5.0.9, =0.0.20, =0.0.34 and more Source cves: CVE-2018-1271 Source advisory: OSV:GHSA-G8HW-794C-4J9G...
Path Traversal in org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows as opposed to the classpath, or...
GHSA-G8HW-794C-4J9G Path Traversal in org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows as opposed to the classpath, or...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)
org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
GHSA-P5HG-3XM3-GCJG Spring Framework allows applications to expose STOMP over WebSocket endpoints
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)
org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...
ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +1037 more potentially affected by CVE-2018-1258 via org.springframework:spring-core (=5.0.5.RELEASE)
org.springframework:spring-core MAVEN version =5.0.5.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - ai.dev-tools:ai-devtools =0.1.12, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3.RELEASE,...
GHSA-CXRJ-66C5-9FMH Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...
Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +21320 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=1.2 <=4.3.16.RELEASE)
org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.6, =0.1.4-SB1X, =0.1.0, =4.2.1, =4.4.1, =0.1.0, =1.0, =5.0.9, =5.1.0 and more Source cves: CVE-2018-1257 Source advisory: OSV:GHSA-RCPF-VJ53-7H2M...
ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +3660 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.5.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =0.1.12, =1.0.0, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE and more Source cves...
GHSA-RCPF-VJ53-7H2M Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
am.ik.home:uaa-client (>=1.0.0 <=1.2.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.2.0) +690 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.1.0.RELEASE <=4.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.1.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.0.7.OSS, =1.0.7.OSS, =3.0.1.3, =3.0.0, =3.0.1.2, =3.0.1.11 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...
am.ik.blog:blog-domain (>=4.2.1 <=4.3.6), am.ik.blog:blog-mapper (>=4.4.1 <=4.5.0) +4431 more potentially affected by CVE-2018-1199 via org.springframework:spring-core (>=4.3.0.RELEASE <=4.3.13.RELEASE)
org.springframework:spring-core MAVEN version =4.3.0.RELEASE, =4.2.1, =4.4.1, =1.0.0.RELEASE, =1.0.0, =1.0.2, =1.6, =1.6, =1.6, =1.0.10, =0.2.13, =0.2.13, =0.2.13, =0.2.13, =0.2.28 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
am.ik.home:uaa-client (>=1.3.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.3.0 <=1.9.0) +1653 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.3.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =1.1.1, =1.12.0 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...