Security Update for Microsoft Visual Studio Code Spring Boot Tools Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Spring Boot Tools Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certa...

CVE Report Published for Spring Tools

We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report: - CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode Please review the information in the CVE report and upgrade immediately. Eclipse: STS...

PT-2022-20891 · Spring · Spring Boot Tools +1

Name of the Vulnerable Software and Affected Versions: Spring Tools 4 for Eclipse version 4.16.0 and below Spring Boot Tools version 1.39.0 and below Concourse CI Pipeline Editor version 1.39.0 and below Bosh Editor version 1.39.0 and below Cloudfoundry Manifest YML Support version 1.39.0 and bel...