Lucene search
K

47 matches found

Snyk
Snyk
added 2025/05/15 12:0 a.m.9 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to an incomplete fix for CVE-2024-38820, where it is still possible to bypass the disallowedFields checks. Note: This vulnerability was also fixed in commercial versions 6.0.28 and 5.3.43...

5.3CVSS7AI score0.00631EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2024/10/18 6:30 a.m.8 views

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7541 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)

org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/10/18 6:30 a.m.8 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.1.1 <=0.112.0) +8300 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.1.0 <=6.1.13)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/21 6:31 p.m.4 views

cn.dynamictp:dynamic-tp-example-nacos (>=1.0.8 <=1.1.2), cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.18) +75 more potentially affected by CVE-2023-39106 via com.alibaba.nacos:nacos-spring-context (>=0.1.0-RC1 <=1.1.1)

com.alibaba.nacos:nacos-spring-context MAVEN version =0.1.0-RC1, =1.0.8, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =0.1.0, =0.1.0, =0.1.10, =0.1.10, =0.1.10, =0.1.10, =2.0.0, =2.0.0, =2.0.0-beta8 - com.gitee.pulanos.pangu:pangu-framework =5.0.0 and more Source cves: CVE-2023-39106 Source advisory:...

8.8CVSS7.2AI score0.01068EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/15 12:0 a.m.4 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10774 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=5.3.0 <=5.3.18)

org.springframework:spring-context MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...

5.3CVSS6.7AI score0.05666EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/04/15 12:0 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +39193 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=1.2.1 <=5.2.20.RELEASE)

org.springframework:spring-context MAVEN version =1.2.1, =1.1, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.0.51 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...

5.3CVSS6.7AI score0.05666EPSS
Exploits2
Veracode
Veracode
added 2022/04/14 1:40 p.m.79 views

Binding Rules Bypass

spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters...

5.3CVSS2.7AI score0.05666EPSS
Exploits2References7Affected Software1
Rows per page
Query Builder