6517 matches found

RedHat Linux
added 2018/06/07 8:25 a.m., 0 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

CVSS 9.8, AI score 8, EPSS 0.52285
Exploits: 2, References: 4
RedHat Linux
added 2018/06/07 8:25 a.m., 66 views

Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.8, AI score 6.8, EPSS 0.52285
Exploits: 3, References: 6
The Hacker News
added 2018/06/05 4:11 p.m., 726 views

'Zip Slip' Vulnerability Affects Thousands of Projects Across Many Ecosystems

Security researchers at British software firm Snyk have revealed details of a critical vulnerability that affects thousands of projects across many ecosystems and can be exploited by attackers to achieve code execution on the target systems. Dubbed "Zip Slip," the issue is an arbitrary file...

AI score 0.5
Exploits: 0
RedhatCVE
added 2018/05/30 7:19 p.m., 37 views

CVE-2018-1260

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

CVSS 9.8, AI score 5.9, EPSS 0.52285
Exploits: 2, References: 1
0day.today
added 2018/05/29 12:00 a.m., 70 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications. Exploit Title: Pivotal Spring Java Framework. Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development. CVE: CVE-2018-1270. Version: = 5.0.x. Description: By connecting...

CVSS 7.5, AI score 0.7, EPSS 0.89954
Exploits: 5
Packet Storm
added 2018/05/29 12:00 a.m., 81 views

Pivotal Spring Java Framework 5.0.x Remote Code Execution

Exploit Title: Pivotal Spring Java Framework. Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development. CVE: CVE-2018-1270. Version: = 5.0.x. Description: By connecting to spring STOMP, and putting the key for "selector"...

CVSS 7.5, AI score 0.7, EPSS 0.89954
Exploits: 5
Exploit DB
added 2018/05/29 12:00 a.m., 222 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution

Pivotal Spring Java Framework. Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development. CVE: CVE-2018-1270. Version: = 5.0.x. Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...

CVSS 9.8, AI score 0.4, EPSS 0.89954
Exploits: 5
CNVD
added 2018/05/17 12:00 a.m., 6 views

Pivotal Spring Integration Zip Arbitrary File Write Vulnerability

Pivotal Spring Integration Zip is a compression/decompression component for Spring from Pivotal Software, Inc. (United States). An arbitrary file write vulnerability exists in Pivotal Spring Integration Zip. This allows an attacker to write arbitrary files to an affected system...

CVSS 4.7, AI score 7.1, EPSS 0.00732
Exploits: 0, References: 1
RedhatCVE
added 2018/05/16 3:19 p.m., 33 views

CVE-2018-1259

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

CVSS 7.5, AI score 3.8, EPSS 0.09831
Exploits: 1, References: 1
OSV
added 2018/05/16 8:24 a.m., 5 views

MGASA-2018-0235 Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028)...

CVSS 8.1, AI score 8, EPSS 0.01415
Exploits: 0, References: 3
Mageia
added 2018/05/16 8:24 a.m., 28 views

Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028)...

CVSS 8.1, AI score 3, EPSS 0.01415
Exploits: 0, References: 2
RedhatCVE
added 2018/05/15 10:48 p.m., 33 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

CVSS 8.8, AI score 3.8, EPSS 0.00265
Exploits: 0, References: 1
RedhatCVE
added 2018/05/15 10:19 p.m., 23 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS 6.5, AI score 5.2, EPSS 0.01176
Exploits: 0, References: 1
Snyk
added 2018/05/15 8:42 p.m., 1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: org.springframework.integration:spring-integration-zip provides Zip uncompression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction, AKA "Zip Slip". It is exploited using a specially crafted zip archive that holds path traversal...

CVSS 4.7, AI score 7.8, EPSS 0.00732
Exploits: 0, References: 2
OSV
added 2018/05/15 8:29 p.m., 19 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (this affects other archive formats as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal...

CVSS 4.7, AI score 5, EPSS 0.00732
Exploits: 0, References: 2
CVE
added 2018/05/15 8:00 p.m., 76 views

CVE-2018-1263

CVE-2018-1263 affects spring-integration-zip (prior to 1.0.2 per initial, with later references noting fixes up to 1.0.4). The flaw is a path-traversal during archive extraction, where filenames are concatenated to the target directory, allowing an arbitrary file write outside the intended folder...

CVSS 4.7, AI score 4.8, EPSS 0.00732
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2018/05/15 12:00 a.m., 4 views

Pivotal Spring Security and Spring Framework Elevation of Privilege Vulnerability

Pivotal Spring Security and Spring Framework are both products of Pivotal Software, Inc. Pivotal Spring Security is a set of security frameworks that provide declarative security protection for Spring-based applications. Spring Framework is a set of open source Java, Java EE...

CVSS 8.8, AI score 6.9, EPSS 0.00265
Exploits: 0, References: 1
CNVD
added 2018/05/15 12:00 a.m., 2 views

Pivotal Spring-integration-zip Arbitrary File Write Vulnerability

Pivotal Spring-integration-zip is a compression/decompression component for Spring from Pivotal Software, Inc. (United States). An arbitrary file write vulnerability exists in Pivotal Spring-integration-zip versions prior to 1.0.1. The vulnerability can be exploited to write arbitrary files with a...

CVSS 4.7, AI score 7, EPSS 0.00351
Exploits: 0
CNVD
added 2018/05/15 12:00 a.m., 2 views

Pivotal Spring Framework Denial of Service Vulnerability

Pivotal Spring Framework is an open source Java and Java EE application framework from Pivotal Software (United States). The framework helps developers build high-quality applications. A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.6, 4.3.x prior to 4.3.1...

CVSS 6.5, AI score 6.7, EPSS 0.01176
Exploits: 0, References: 1
CNVD
added 2018/05/15 12:00 a.m., 1 views

Pivotal Spring Data Commons Arbitrary File Read Vulnerability

Pivotal Spring Data Commons is a project of Pivotal Software, Inc. (United States) that provides data access based on the Spring model. A security vulnerability in Pivotal Spring Data Commons version 1.13 prior to 1.13.12 and version 2.0 prior to 2.0.7 stems from the program's failure to proper...

CVSS 7.5, AI score 7, EPSS 0.09831
Exploits: 1, References: 1