29 matches found
EUVD-2025-15542
Malicious code in bioql PyPI...
EUVD-2024-2933
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in DataBinder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in DataBinde has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Linux Distros Unpatched Vulnerability : CVE-2024-38820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that...
Linux Distros Unpatched Vulnerability : CVE-2022-22968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitiv...
Security Bulletin: Vulnerabilities in old Spring Framework versions, made disallowedFields patterns in DataBinder case insensitive, affect watsonx.data
Summary In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of...
K000148278: Spring framework CVE-2024-38820 vulnerability
Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...
Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities
The remote host contains a Spring Framework version is affected by a path traversal vulnerability. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obta...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Windows
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
GHSA-4GC7-5J7H-4QPH Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820
The CVE-2024-38820 issue concerns Spring Framework DataBinder: lowercase conversion for disallowedFields and request parameter names was made locale-independent, but locale-dependent edge cases in String.toLowerCase() can still bypass the checks. Affected products/versions from linked advisories ...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
K35802610: Multiple MySQL vulnerabilities CVE-2022-21569, CVE-2022-21824, CVE-2022-22968, CVE-2022-27778
Security Advisory Description CVE-2022-21569 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
GHSA-G5MM-VMX4-3RG7 Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...