Lucene search
+L

27 matches found

Spring Security Advisories
Spring Security Advisories
added 2023/07/13 12:0 a.m.54 views

New in Spring 6.1: RestClient

Spring Framework 6.1 M2 introduces the RestClient, a new synchronous HTTP client. As the name suggests, RestClient offers the fluent API of WebClient with the infrastructure of RestTemplate. Fourteen years ago, when RestTemplate was introduced in Spring Framework 3.0, we quickly discovered that...

7AI score
Exploits0
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.6 views

Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions of a security vulnerability , the vulnerability stems from allowing an attacker to cause a denial of service...

7.5CVSS7.3AI score0.01175EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/02/10 12:0 a.m.9 views

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary code. This vulnerability stems from deficiencies in the deserialization mechanism, enabling attackers to execute unauthorized code.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.8CVSS7.3AI score0.0454EPSS
Exploits0References9Affected Software9
BDU FSTEC
BDU FSTEC
added 2021/11/17 12:0 a.m.6 views

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows for unlimited loading of dangerous types of files, enabling attackers to load and execute arbitrary code.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code by manipulating the...

10CVSS7.3AI score0.76367EPSS
Exploits1References20Affected Software29
OSV
OSV
added 2019/12/12 10:50 p.m.10 views

GHSA-484F-743F-6JX2 Object injection in cookie driver in phpfastcache

Impact An possible object injection has been discovered in cookie driver prior 5.0.13 versions of 5.x releases. Patches The issue has been addressed by enforcing JSON conversion when deserializing Workarounds If you can't fix it, use another driver such as "Files" Filesystem References Fixing...

4.4CVSS9.7AI score0.01228EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/12/12 10:50 p.m.94 views

Object injection in cookie driver in phpfastcache

Impact An possible object injection has been discovered in cookie driver prior 5.0.13 versions of 5.x releases. Patches The issue has been addressed by enforcing JSON conversion when deserializing Workarounds If you can't fix it, use another driver such as "Files" Filesystem References Fixing...

9.8CVSS1.7AI score0.01228EPSS
Exploits0References5Affected Software1
Silent Robot Systems
Silent Robot Systems
added 2018/05/24 8:24 p.m.58 views

odle: piping security data

I recently published odle which is a Ruby gem and binary that takes XML data from various security tools and outputs their JSON equivalent. The goal is to be 1 simple, 2 fast, and 3 work on many platforms with only one dependency - nokogiri. Below are two examples using odle to convert output fro...

7.5AI score
Exploits0
Rows per page
Query Builder