Exposure of Core Dump File to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Core Dump File to an Unauthorized Control Sphere via the heapdump endpoint, which is introduced through the use of Spring Boot Actuators. An attacker can access sensitive memory information by sending requests to this...

SpringBootVulExploit

This repository is an offensive tool for exploiting Spring Boot vulnerabilities. It contains a collection of exploits and techniques for various Spring Boot versions, including: 1. Spring Boot 1.0 - 1.4: Exposes actuators by default without any parameters, making it vulnerable to RCE Remote Code...

Engel & Völkers Technology GmbH: Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com

Summary: The Spring Boot Actuators are exposing critical information on gonext-stage.engelvoelkers.com such as the last 100 HTTP requests made to the server including cookies, paths, etc and the environment configuration. The endpoints are the following: - /trace - /env - /mappings - /configprops...

Friday Squid Blogging: Robot Squid Propulsion

Interesting research: The squid robot is powered primarily by compressed air, which it stores in a cylinder in its nose do squids have noses?. The fins and arms are controlled by pneumatic actuators. When the robot wants to move through the water, it opens a value to release a modest amount of...