41 matches found

vulnersOsv
added 2024/02/29 3:33 a.m., 1 view

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2525 more potentially affected by CVE-2023-51775 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.3)

org.bitbucket.b_c:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

CVSS 6.5, AI score 6.8, EPSS 0.00383
Exploits: 1

vulnersOsv
added 2023/05/26 6:30 p.m., 4 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.djl.spring:djl-spring-boot-starter-autoconfigure (>=0.2 <=0.11) +26949 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=1.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.2, =0.2, =0.2, =0.2, =0.2, =0.2, =0.5, =0.0.12, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.51 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

CVSS 7.5, AI score 7.1, EPSS 0.0069
Exploits: 0

IBM Security Bulletins
added 2022/05/06 4:1 p.m., 70 views

Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Summary IBM Watson Knowledge Catalog in Cloud Pak for Data is potentially vulnerable to arbitrary code execution due to Java Spring data binding vulnerability CVE-2022-22965. Vulnerability Details CVEID: CVE-2022-22965 DESCRIPTION: Spring Framework could allow a remote attacker to execute arbitra...

CVSS 9.8, AI score 1.2, EPSS 0.94428
Exploits: 99, Affected Software: 1

The Hacker News
added 2022/03/31 3:35 p.m., 99 views

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts...

CVSS 9.8, EPSS 0.94428
Exploits: 99

The Hacker News
added 2022/03/31 5:52 a.m., 319 views

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts...

CVSS 9.8, AI score 9.3, EPSS 0.94462
Exploits: 46

vulnersOsv
added 2022/01/04 4:14 p.m., 2 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.1 <=4.6.0.0), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +6029 more potentially affected by CVE-2021-44832 via org.apache.logging.log4j:log4j-core (>=2.13.0 <=2.17.0)

org.apache.logging.log4j:log4j-core MAVEN version =2.13.0, =4.4.0.1, ='1.0.3', =0.0.2, =0.0.14, =2.1.0, =3.32.1.7, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.5.2 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...

CVSS 8.5, AI score 7.1, EPSS 0.53648
Exploits: 9

Cvelist
added 2021/08/11 5:25 p.m., 13 views

CVE-2021-37694 Code injection issue for java-spring-cloud-stream-template

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

CVSS 8.7, AI score 9, EPSS 0.00206
Exploits: 1, References: 1

GitHub Security Blog
added 2021/06/16 5:23 p.m., 46 views

Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

CVSS 9.1, AI score 4.6, EPSS 0.00388
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2021/05/10 12:15 a.m., 9 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

CVSS 9.1, EPSS 0.00388
Exploits: 1, References: 2

Cvelist
added 2021/05/09 11:55 p.m., 11 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

AI score 8.9, EPSS 0.00388
Exploits: 1, References: 2

NVD
added 2021/04/16 3:15 a.m., 10 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

CVSS 6.5, EPSS 0.00258
Exploits: 0, References: 2

Prion
added 2021/04/16 3:15 a.m., 14 views

Authentication flaw

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

CVSS 4, AI score 6.4, EPSS 0.00258
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/04/16 3:0 a.m., 10 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

AI score 6.6, EPSS 0.00258
Exploits: 0, References: 2

Vulnrichment
added 2021/04/16 3:0 a.m., 6 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

AI score 6.4, EPSS 0.00258
Exploits: 0, References: 2

CNVD
added 2021/04/02 12:0 a.m., 5 views

Michael Stepankin OpenID-Connect-Java-Spring-Server Server-Side Request Forgery Vulnerability

Michael Stepankin OpenID-Connect-Java-Spring-Server is a GlobalMichael Stepankin open source application system provides OpenID Connect identity provider and generic OAuth 2.0 authorization server Michael Stepankin OpenID-Connect-Java-Spring-Server suffers from a server-side request forgery...

CVSS 9.1, AI score 6.7, EPSS 0.00552
Exploits: 1, References: 1

CNNVD
added 2021/03/25 12:0 a.m., 1 view

Michael Stepankin OpenID-Connect-Java-Spring-Server Code Issue Vulnerability

Michael Stepankin OpenID-Connect-Java-Spring-Server is a GlobalMichael Stepankin open source application system provides OpenID Connect identity provider and generic OAuth 2.0 authorization server Michael Stepankin OpenID-Connect-Java-Spring-Server suffers from a server-side request forgery...

CVSS 9.1, AI score 5.7, EPSS 0.00552
Exploits: 1, References: 3

Packet Storm
added 2020/02/28 12:0 a.m., 105 views

MITREid 1.3.3 Cross Site Scripting

MITREid Connect OpenID-Connect-Java-Spring-Server version 1.3.3 and earlier is vulnerable to Cross-Site Scripting; the user's name is included in topbar.tag and header.tag without being sanitized. A user can set their name to a value like: Testalert1 Which will be included in JSON used by a...

CVSS 4.3, AI score 6.3, EPSS 0.00307
Exploits: 2

Tenable Nessus
added 2014/03/31 12:0 a.m., 36 views

Debian DSA-2890-1 : libspring-java - security update

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
- CVE-2014-0054: Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities.
- CVE-2014-1904: Spring MVC introduces a cross-site scripting vulnerability if the action on ...

CVSS 6.8, AI score 8.1, EPSS 0.02548
Exploits: 0, References: 7

OSV
added 2014/03/29 12:0 a.m., 21 views

DSA-2890-1 libspring-java - security update

Bulletin has no description...

CVSS 6.8, AI score 7.2, EPSS 0.02548
Exploits: 0

OpenVAS
added 2014/03/28 12:0 a.m., 30 views

Debian: Security Advisory (DSA-2890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 7.5, EPSS 0.02548
Exploits: 0, References: 3