Lucene search
K

4 matches found

NVD
NVD
added 2023/10/19 8:15 a.m.18 views

CVE-2023-34050

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

5CVSS5.2AI score0.01537EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.8 views

SUSE CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

8.1CVSS8.4AI score0.66537EPSS
Exploits1References15
OSV
OSV
added 2022/01/21 11:26 p.m.12 views

GHSA-65FG-84F6-3JQ3 SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS6.9AI score0.66537EPSS
Exploits1References8
Spring Security Advisories
Spring Security Advisories
added 2014/03/11 12:0 a.m.6 views

Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)

Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and...

6.8CVSS8.1AI score0.91354EPSS
Exploits1References3
Rows per page
Query Builder