Tenda AC6 Cloud API Function Stack Overflow Vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 has a stack buffer overflow vulnerability, the vulnerability stems from the Cloud API function has...

MAL-2025-33889 Malicious code in stack-balance-cloud-function-zeta (npm)

The package stack-balance-cloud-function-zeta was found to contain malicious code...

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

The vulnerability in the web module of the Spring Cloud Function software platform allows a attacker to perform a “denial-of-service” attack.

The vulnerability in the Spring Cloud Function software platform’s web module is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack...

io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.15 <=0.4.16), io.zipkin:zipkin-server (>=3.3.1 <=3.4.1) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.3.0 <=3.3.2)

org.springframework.boot:spring-boot-loader-classic MAVEN version =3.3.0, =0.4.15, =3.3.1, =3.3.0, =3.3.13 - org.springframework.cloud:spring-cloud-function-adapter-gcp =4.1.6 - org.springframework.cloud:spring-cloud-function-deployer =4.1.6 Source cves: CVE-2024-38807 Source advisory:...

com.alipay.sofa.koupleless:arklet-springboot-starter (>=2.1.0 <=2.1.11), com.alipay.sofa.koupleless:koupleless-base-starter (>=2.1.0 <=2.1.11) +8 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.2.0 <=3.2.7)

org.springframework.boot:spring-boot-loader MAVEN version =3.2.0, =2.1.0, =2.1.0, =4.2.0, =4.2.0, =3.1.0, =0.4.0, =4.3.0, =4.1.0, =4.1.0, =4.1.5 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...

com.wizzdi:FlexiCore (=7.0.0), org.springframework.boot:spring-boot-jarmode-layertools (>=3.0.0 <=3.0.13) +2 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.0.0 <=3.0.13)

org.springframework.boot:spring-boot-loader MAVEN version =3.0.0, =3.0.0, =4.0.0, =4.0.0, =4.0.6 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...

ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=4.0.1), cn.herodotus.engine:message-kafka-spring-boot-starter (>=3.2.0.0 <=3.3.0.2) +441 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.1.0 <=4.1.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.1.0, =4.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =5.8.0, =5.8.0, =5.8.0, =5.13...

city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...

Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

GHSA-J4R7-P9FP-W3F3 Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

CVE-2024-22271

A flaw was found in the Spring Cloud Function framework. Affected versions of this package are vulnerable to denial of service DoS when attempting to compose functions with nonexisting functions. This flaw allows an attacker to trigger a cache overflow. Mitigation Mitigation for this issue is...

CVE-2024-22271

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

CVE-2024-22271

The CVE-2024-22271 entry describes a denial-of-service vulnerability in Spring Cloud Function Framework when composing functions with non-existing functions. Affected versions are Spring Cloud Function Framework 4.1.0–4.1.2 and 4.0.0–4.0.8, specifically when using the Web module. The root cause i...

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework based on Spring Boot implementation by the US Spring team. A security vulnerability exists in Spring Cloud Function Framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, which stems from an application being vulnerable to a denial-of-service...

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

PT-2024-7898

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2 Description The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remot...