CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

EUVD-2022-4750

Malicious code in bioql PyPI...

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

io.github.openfeign.querydsl:querydsl-collections (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10) +2 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=6.0.0.M1 <=6.10)

io.github.openfeign.querydsl:querydsl-apt MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.0.0.M1, =6.10 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

io.github.openfeign.querydsl:querydsl-collections (>=5.0.1 <=5.6), io.github.openfeign.querydsl:querydsl-hibernate-search (>=5.0.1 <=5.6) +6 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=5.0.1 <=5.6)

io.github.openfeign.querydsl:querydsl-apt MAVEN version =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.6 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

PT-2024-33345

Name of the Vulnerable Software and Affected Versions Querydsl version 5.1.0 OpenFeign Querydsl version 6.8 Description The issue allows SQL/HQL injection in the orderBy clause of JPAQuery. This is possible when untrusted input is directly used in query construction. Note that the Querydsl...

This Week in Spring - August 23rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Weve got a ton to cover, so lets dive right into it! A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful Podcast on workflow, business process management, and more Building IoT Applications Using Fauna and Spring...

This Week in Spring - August 1st, 2022

Aloha, Spring fans! Welcome to another installment of This Week in Spring! Im still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this weeks latest roundup of all thats good and glorious in the wide and wonderful world of Springdom. Funny thing,...

cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +330 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...

Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

ai.hyacinth.framework:core-service-api-support (=0.5.24), ai.hyacinth.framework:core-service-trigger-server (=0.5.24) +96 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (=2.2.0.RELEASE)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =2.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-openfeign-core and may be impacted: - ai.hyacinth.framework:core-service-api-suppo...

GHSA-PF94-6V2V-CM3J Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

Design/Logic Flaw

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVE-2021-22044

The CVE-2021-22044 vulnerability affects Spring Cloud OpenFeign where applications using type-level @RequestMapping on Feign client interfaces may involuntarily expose endpoints corresponding to @RequestMapping-annotated methods. Affected versions include Spring Cloud OpenFeign 3.0.0–3.0.4 and 2....

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

Spring Cloud OpenFeign 安全漏洞

Vmware Spring Cloud OpenFeign is an open source, declarative Rest client for Spring Boot applications from Vmware, USA. A security vulnerability exists in Spring Cloud OpenFeign, which stems from the use of type-level "@RequestMapping" annotations on the Feign client interface in RELEASE and...