21 matches found
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
EUVD-2022-4750
Malicious code in bioql PyPI...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
io.github.openfeign.querydsl:querydsl-collections (>=5.0.1 <=5.6), io.github.openfeign.querydsl:querydsl-hibernate-search (>=5.0.1 <=5.6) +6 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.6 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-collections (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10) +2 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=6.0.0.M1 <=6.10)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.0.0.M1, =6.10 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
PT-2024-33345 · Unknown +1 · Openfeign Querydsl +1
Name of the Vulnerable Software and Affected Versions: Querydsl version 5.1.0 OpenFeign Querydsl version 6.8 Description: The issue allows SQL/HQL injection in the orderBy clause of JPAQuery. This is possible when untrusted input is directly used in query construction. Note that the Querydsl...
This Week in Spring - August 23rd, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Weve got a ton to cover, so lets dive right into it! A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful Podcast on workflow, business process management, and more Building IoT Applications Using Fauna and Spring...
This Week in Spring - August 1st, 2022
Aloha, Spring fans! Welcome to another installment of This Week in Spring! Im still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this weeks latest roundup of all thats good and glorious in the wide and wonderful world of Springdom. Funny thing,...
GHSA-PF94-6V2V-CM3J Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +330 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)
org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...
ai.hyacinth.framework:core-service-api-support (=0.5.24), ai.hyacinth.framework:core-service-trigger-server (=0.5.24) +96 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =2.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-openfeign-core and may be impacted: - ai.hyacinth.framework:core-service-api-suppo...
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
Design/Logic Flaw
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
CVE-2021-22044
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
CVE-2021-22044
The CVE-2021-22044 vulnerability affects Spring Cloud OpenFeign where applications using type-level @RequestMapping on Feign client interfaces may involuntarily expose endpoints corresponding to @RequestMapping-annotated methods. Affected versions include Spring Cloud OpenFeign 3.0.0–3.0.4 and 2....
Spring Cloud OpenFeign 安全漏洞
Vmware Spring Cloud OpenFeign is an open source, declarative Rest client for Spring Boot applications from Vmware, USA. A security vulnerability exists in Spring Cloud OpenFeign, which stems from the use of type-level "@RequestMapping" annotations on the Feign client interface in RELEASE and...