Lucene search

6517 matches found

vulnersOsv
added 2018/10/17 8:1 p.m. | 4 views

ch.rasc:wamp2spring-security (=1.0.0), com.github.henkexbg:gallery-api (=0.3.0) +58 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (=5.0.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - ch.rasc:wamp2spring-security =1.0.0 -...

CVSS 5.3 | AI score 6.7 | EPSS 0.00846
Exploits: 0

vulnersOsv
added 2018/10/17 8:1 p.m. | 2 views

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +2351 more potentially affected by CVE-2018-1199 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.2.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =1.0.3.RELEASE,...

CVSS 5.3 | AI score 6.7 | EPSS 0.00846
Exploits: 0

OSV
added 2018/10/17 8:1 p.m. | 40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 5.3 | AI score 5.3 | EPSS 0.00846
Exploits: 0 | References: 14

RedHat Linux
added 2018/10/17 7:28 p.m. | 1 view

spring-framework: Address partial fix for CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 8 | EPSS 0.89954
Exploits: 5 | References: 4

RedHat Linux
added 2018/10/17 7:28 p.m. | 1 view

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

CVSS 9.8 | AI score 8 | EPSS 0.52285
Exploits: 2 | References: 4

RedHat Linux
added 2018/10/17 7:28 p.m. | 3 views

spring-framework: Possible RCE via spring messaging

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 8 | EPSS 0.89954
Exploits: 5 | References: 5

RedHat Linux
added 2018/10/17 7:28 p.m. | 3 views

spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

CVSS 5.9 | AI score 7.4 | EPSS 0.90996
Exploits: 1 | References: 5

vulnersOsv
added 2018/10/17 6:28 p.m. | 1 view

br.com.thiaguten:umbrella-monitoring (>=0.1.0 <=0.1.1), cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28) +7 more potentially affected by CVE-2018-15531 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.73.1)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.1.0, =0.0.4, =1.57.0, =1.64.0, =1.5.7.0, =1.10.0, =2.0.0, =2.0.0, =2.0.1 - uk.ac.ebi.interpro.scan:server =5.36-75.0 Source cves: CVE-2018-15531 Source advisory: OSV:GHSA-6FVX-R7HX-3VH6...

CVSS 9.8 | AI score 7.2 | EPSS 0.22432
Exploits: 0

vulnersOsv
added 2018/10/17 5:23 p.m. | 2 views

am.ik.home:uaa-client (>=1.0.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.0.0 <=1.8.1) +1130 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=1.10.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.10.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1, =1, =1, =1, =1, =1, =0.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

CVSS 7.5 | AI score 7.1 | EPSS 0.00845
Exploits: 0

vulnersOsv
added 2018/10/17 5:23 p.m. | 2 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

CVSS 7.5 | AI score 7.1 | EPSS 0.00845
Exploits: 0

Github Security Blog
added 2018/10/17 5:23 p.m. | 57 views

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

CVSS 7.5 | AI score 3.9 | EPSS 0.00845
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2018/10/17 5:23 p.m. | 26 views

GHSA-5Q8M-MQMX-PXP9 Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

CVSS 7.5 | AI score 7.4 | EPSS 0.00845
Exploits: 0 | References: 7

vulnersOsv
added 2018/10/17 5:23 p.m. | 3 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +677 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.6.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.1.4, =1.4.1, =1.5.1.beta - cn.com.zhaoweiping:Alpha-Framework =2.0.0.RELEASE - cn.gudqs:platform =1.0 and more Source cves: CVE-2018-1259 Source advisor...

CVSS 7.5 | AI score 7.1 | EPSS 0.09831
Exploits: 1

vulnersOsv
added 2018/10/17 5:23 p.m. | 1 view

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +355 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.11.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =1.0.0-RC1, =1.0.0-RC1, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =6.2.0.5-oss - com.att.ocnp.mgmt:grm-edge-service =1.1.18-oss and more Source cves: CVE-2018-1259...

CVSS 7.5 | AI score 7.1 | EPSS 0.09831
Exploits: 1

OSV
added 2018/10/17 5:23 p.m. | 23 views

GHSA-M929-7FR6-CVJG Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

CVSS 7.5 | AI score 7.6 | EPSS 0.09831
Exploits: 1 | References: 6

Github Security Blog
added 2018/10/17 5:23 p.m. | 34 views

Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

CVSS 7.5 | AI score 3.7 | EPSS 0.09831
Exploits: 1 | References: 6 | Affected Software: 1

vulnersOsv
added 2018/10/17 5:23 p.m. | 0 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...

CVSS 9.8 | AI score 7.2 | EPSS 0.94284
Exploits: 9

OSV
added 2018/10/17 5:23 p.m. | 45 views

GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 | AI score 9.7 | EPSS 0.94284
Exploits: 9 | References: 9

vulnersOsv
added 2018/10/17 5:23 p.m. | 2 views

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...

CVSS 9.8 | AI score 7.2 | EPSS 0.94284
Exploits: 9

Github Security Blog
added 2018/10/17 5:23 p.m. | 53 views

Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 | AI score 4.2 | EPSS 0.94284
Exploits: 9 | References: 8 | Affected Software: 1