CVE-2025-4374 Quay: incorrect privilege assignment

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...

CVE-2025-4374 Quay: incorrect privilege assignment

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...

PT-2025-19956 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay where an organization acting as a proxy cache grants "Admin" permissions on a newly created repository when a user or robot pulls an image that hasn't been mirrored ye...

rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage

A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...

USN-6907-1: Squid vulnerability

Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes ESI processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service...

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

USN-6594-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2023-49285 Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

GHSA-XF96-W227-R7C4 Spring Boot Welcome Page Denial of Service

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache. Specifically, an application is vulnerable if all of the condition...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

Default configuration

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

Spring Framework 资源管理错误漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that stems from a possible Denial of Service DoS attack if Spring MVC is used wi...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

CVE-2023-20883

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

VMware Spring Boot < 2.5.15, 2.6.x < 2.6.15, 2.7.x < 2.7.12, 3.0.x < 3.0.7 DoS Vulnerability

VMware Spring Boot is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-17687

Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.5.0 through 2.5.14 Spring Boot versions 2.6.0 through 2.6.14 Spring Boot versions 2.7.0 through 2.7.11 Spring Boot versions 3.0.0 through 3.0.6 Spring Boot older unsupported versions Description There is potential for a...

[SECURITY] [DLA 3151-1] squid security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3151-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 13, 2022 https://wiki.debian.org/LTS -...