org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server. This org.springframework:spring-webmvc Dependency...

org.springframework:spring-web used by Jira 9 contains vulnerabilities

Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808. https://spring.io/security/cve-2024-38808 https://asecurityteam.atlassian.net/browse/VULN-1409329...

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

OSV-2023-1244 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64641 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa...

Denial Of Service (DoS)

org.springframework: spring-web is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of validation for HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause Denial of Service. Note tha...

CVE-2020-11619

CVE-2020-11619 affects Jackson Databind 2.x before 2.9.10.4 and is caused by mishandling the interaction between serialization gadgets and typing (related to spring-aop). This deserialization issue can lead to arbitrary code execution when a crafted JSON is processed, as described in IBM/ISIQ con...