Spring Framework 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...

Siemens SCALANCE XCM332 Use After Free (CVE-2022-30065)

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production...

[SECURITY] Fedora 37 Update: rubygem-activerecord-7.0.4.3-1.fc37

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Regular Expression Denial Of Service (ReDoS)

uri is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used for the RFC3986URI and RFC3986relativeref parameters in the rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI...

Regular Expression Denial Of Service (ReDoS)

time is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the rfc2822 function of time.rb, which allows an attacker to crash the application by providing an invalid time...

Security Bypass

spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using "" as a pattern in spring security configuration with the mvcRequestMatcher which creates a mismatch in pattern matching between Spring Security and Spring MVC and the potential for a security bypass...

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

Security feature bypass

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

UBUNTU-CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVE-2023-20860

CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...

CVE-2023-20860

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

PT-2023-21727 · Unknown · Angular-Server-Side-Configuration

Name of the Vulnerable Software and Affected Versions: angular-server-side-configuration versions 15.0.0 through 15.0.x Description: The issue concerns the detection of environment variables in TypeScript files during the build time of an Angular CLI project. These variables are written to a...

Medium: cpio

Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Windows

The VMware Spring Framework is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-2259 · Spring +1 · Spring Mvc +3

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.25 Spring Framework versions 6.0.0 through 6.0.6 Description: The issue is related to a mismatch in pattern matching between Spring Security and Spring MVC when using "" as a pattern in Spring...