176 matches found
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-22233
The CVE-2025-22233 entry refers to a vulnerability in Spring Framework where Locale-dependent lowercase conversion still allows bypassing disallowedFields checks in data binding. Affected products/versions include Spring Framework 6.2.0–6.2.6, 6.1.0–6.1.19, 6.0.0–6.0.27, and 5.3.0–5.3.42 (older v...
USN-7165-1 libspring-java vulnerability
It was discovered that the Spring Framework incorrectly handled web requests via data binding. An attacker could possibly use this issue to achieve remote code execution and obtain sensitive information...
Security Bulletin: Vulnerability in Spring Framework affects IBM watsonx.data
Summary: Spring Framework running on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. This may affect IB...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegis databinding is used. Users of other data bindings, including the default databinding, are not impacted...
RHEL 7 : spring-webflow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow (CVE-2017-8039) - An issue was...
Server-Side Request Forgery (SSRF)
org.apache.cxf, cxf-rt-databinding-aegis is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL sanitisation, which allows an attacker to perform SSRF attacks on web services that take at least one parameter of any type. Users of other data bindings, including the...
Fedora: Security Advisory for jackson-annotations (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: jackson-annotations-2.16.1-3.fc40
Core annotations used for value types, used by Jackson data-binding package...
[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
CVE-2023-46131
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...
Code injection
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...
CVE-2023-46131 Grails® data binding causes JVM crash and/or DoS
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...
CVE-2023-46131
CVE-2023-46131 — Grails data binding DoS: A vulnerability in Grails data binding allows a specially crafted web request to cause a JVM crash or denial of service. Affected: Grails framework applications using data binding. Root cause: improper handling in data binding exposed to request data (as...
GHSA-3PJV-R7W4-2CF5 Grails data binding causes JVM crash and/or other denial of service
Impact: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. Patches: Patches are available for Grails 3 and later. Workarounds: No workaround is possible except to avoid data binding to request data...
Grails data binding causes JVM crash and/or other denial of service
Impact: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. Patches: Patches are available for Grails 3 and later. Workarounds: No workaround is possible except to avoid data binding to request data...
PT-2023-29864 · Grails · Grails
Name of the Vulnerable Software and Affected Versions: Grails versions prior to 3.3.17; Grails versions prior to 4.1.3; Grails versions prior to 5.3.4; Grails versions prior to 6.1.0. Description: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)
The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-005 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux,...