8 matches found
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-boot-2.7.12.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-boot-2.7.12.jar Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that...
Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34055)
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
VMware Spring Boot is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-application (=2.12.0), be.vlaanderen.informatievlaanderen.vsds:ldes-fragmentisers (>=1.1.0 <=3.4.0) +1476 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.1.0 <=3.1.5)
org.springframework.boot:spring-boot-actuator MAVEN version =3.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.6.0, =3.6.1 - be.vlaanderen.informatievlaanderen...
am.ik.access-logger:access-logger (>=0.1.0 <=0.1.2), cn.herodotus.engine:event-core (=3.0.1.0) +618 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.0.12)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.0, =0.1.2 - cn.herodotus.engine:event-core =3.0.1.0 - cn.herodotus.engine:event-message-spring-boot-starter =3.0.1.0 - cn.herodotus.engine:event-pay-spring-boot-starter =3.0.1.0 -...
This Week in Spring - 28 November, 2023
Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities
Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...