Lucene search
K

190 matches found

OSV
OSV
added 2023/07/17 10:0 a.m.34 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS6.1AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2023/07/17 10:0 a.m.78 views

CVE-2023-34036

CVE-2023-34036 affects reactive Spring WebFlux applications that use Spring HATEOAS to generate hypermedia links. The root cause is improper handling of forwarded headers (Forwarded, X-Forwarded-Host/Port/Proto) by the application stack, which can allow spoofing if there is no trusted proxy or ad...

5.3CVSS5.2AI score0.00403EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Spring HATEOAS 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Spring HATEOAS versions 1.5.4 and earlier, 2.0.4 and earlier, and 2.1.0, which stems from the fa...

5.3CVSS5.6AI score0.00403EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2023/03/29 12:0 a.m.87 views

Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/28 12:0 a.m.17 views

Context Propagation with Project Reactor 2 - The bumpy road of Spring Cloud Sleuth

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Cloud Sleuth recently became Micrometer Tracing, part of the Micrometer project. Most of the tracing instrumentation is centered within Micrometer und...

6.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/03/27 10:0 p.m.23 views

Microsoft Incident Response Retainer is generally available

The task of securing organizations is constantly changing and getting more complex. Many organizations don’t have the time, resources, or expertise to build an in-house incident response program. For customers that want help remediating an especially complex breach or avoiding one altogether,...

6.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/03/27 10:0 p.m.21 views

Microsoft Incident Response Retainer is generally available

The task of securing organizations is constantly changing and getting more complex. Many organizations don’t have the time, resources, or expertise to build an in-house incident response program. For customers that want help remediating an especially complex breach or avoiding one altogether,...

6.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/27 12:0 a.m.36 views

Context Propagation with Project Reactor 1 - The Basics

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Boot 3 and Spring Framework 6 brought us a unified and consistent way to enable Observability in applications that use Micrometer. The evolution from...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/21 12:0 a.m.97 views

This Week in Spring - March 21st, 2023

Hi, Spring fans! Welcome to another rip roaring installment of This Week in Spring! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course, is just another amazing installment before Java 21, which comes out in six short months, includin...

6.6AI score0.03514EPSS
Exploits1
Spring Security Advisories
Spring Security Advisories
added 2023/03/07 12:0 a.m.14 views

This Week in Spring - March 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's an amazing week, and this week we've got a lot to look at. Let's dive right into it. Spring Cloud Function for Azure Function Spring Data 2022.0.3 and 2021.2.9 released Spring R2DBC for Reactive Relational Databases in...

Exploits0
Veracode
Veracode
added 2023/02/28 3:23 a.m.17 views

Information Disclosure

resteasy-reactive-common is vulnerable to Information Disclosure. The vulnerability exists because the readFrom function in FileBodyHandler.java creates a temporary file with insecure permissions, which allows a local user to read the temporary file created...

3.3CVSS4.3AI score0.00206EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/02/24 6:30 p.m.7 views

br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +276 more potentially affected by CVE-2023-0481 via io.quarkus.resteasy.reactive:resteasy-reactive-common (>=1.11.0.Beta1 <=3.0.0.Alpha3)

io.quarkus.resteasy.reactive:resteasy-reactive-common MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.3.3 and more Source cves: CVE-2023-0481 Source advisory: OSV:GHSA-J75R-VF64-6RRH...

3.3CVSS5.8AI score0.00206EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/02/24 6:30 p.m.76 views

RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

3.3CVSS4.4AI score0.00206EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/24 12:0 a.m.4 views

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

3.7AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/24 12:0 a.m.35 views

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

4.1AI score0.00206EPSS
Exploits0References1
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview reactive-cashflow is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/01/26 1:6 p.m.46 views

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

5.3CVSS4.4AI score0.00206EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2022/12/13 9:0 a.m.21 views

This Week in Spring - December 13th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I truly, absolutely, can not believe that were nearly done with the year already! Have you made your new years resolutions? Submitted your expense reports? Its that time of the year when Im going to start focusing on staying...

0.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2022/11/20 12:0 a.m.17 views

Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)

A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...

3.5CVSS3.2AI score0.88476EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/10/19 1:20 a.m.6 views

Malicious code in reactive-cashflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 329d1725ab9b283eb626b5066e0e9412decaa5422ffefd48dc5b3ab77c20562d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder