Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2023/07/17 12:30 p.m.7 views

am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +922 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=0.12.0.RELEASE <=1.5.4)

org.springframework.hateoas:spring-hateoas MAVEN version =0.12.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1, =1, =1, =1, =1, =1, =1.0.1.RELEASE, =1.0.0.RELEASE, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =2.0.9.RELEASE and more Source cves: CVE-2023-34036 Source advisory:...

5.3CVSS6AI score0.00403EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/07/17 12:30 p.m.13 views

be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.1.RELEASE), be.personify.iam:personify-frontend (=1.5.1.RELEASE) +51 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=2.0.0 <=2.0.4)

org.springframework.hateoas:spring-hateoas MAVEN version =2.0.0, =1.5.0.RELEASE, =1.5.0.RELEASE, =0.2.6, =1.6.9, =1.0, =1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.4 - com.wizzdi:FlexiCore =7.0.0 and more Source cves: CVE-2023-34036 Source advisory: OSV:GHSA-7M5C-FGWF-MWPH...

5.3CVSS6AI score0.00403EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/07/17 10:0 a.m.12 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS6.8AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 10:0 a.m.34 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS6.1AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2023/07/17 10:0 a.m.78 views

CVE-2023-34036

CVE-2023-34036 affects reactive Spring WebFlux applications that use Spring HATEOAS to generate hypermedia links. The root cause is improper handling of forwarded headers (Forwarded, X-Forwarded-Host/Port/Proto) by the application stack, which can allow spoofing if there is no trusted proxy or ad...

5.3CVSS5.2AI score0.00403EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder