47 matches found
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to an incomplete fix for CVE-2024-38820, where it is still possible to bypass the disallowedFields checks. Note: This vulnerability was also fixed in commercial versions 6.0.28 and 5.3.43...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7541 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)
org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.1.1 <=0.112.0) +8300 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.1.0 <=6.1.13)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
cn.dynamictp:dynamic-tp-example-nacos (>=1.0.8 <=1.1.2), cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.18) +75 more potentially affected by CVE-2023-39106 via com.alibaba.nacos:nacos-spring-context (>=0.1.0-RC1 <=1.1.1)
com.alibaba.nacos:nacos-spring-context MAVEN version =0.1.0-RC1, =1.0.8, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =0.1.0, =0.1.0, =0.1.10, =0.1.10, =0.1.10, =0.1.10, =2.0.0, =2.0.0, =2.0.0-beta8 - com.gitee.pulanos.pangu:pangu-framework =5.0.0 and more Source cves: CVE-2023-39106 Source advisory:...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10774 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=5.3.0 <=5.3.18)
org.springframework:spring-context MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +39193 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=1.2.1 <=5.2.20.RELEASE)
org.springframework:spring-context MAVEN version =1.2.1, =1.1, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.0.51 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...
Binding Rules Bypass
spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters...