Lucene search
K

173 matches found

RedHat Linux
RedHat Linux
added 2024/11/05 12:8 p.m.5 views

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/05 12:7 p.m.10 views

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/05 11:25 a.m.6 views

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/09 5:17 p.m.32 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.2 for Spring Boot security update.

Red Hat build of Apache Camel 4.4.2 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS6.8AI score0.02716EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/09 5:17 p.m.8 views

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
Veracode
Veracode
added 2024/08/21 5:47 a.m.19 views

Denial Of Service (DoS)

org.springframework, spring-expression is vulnerable to a Denial of Service DoS. The vulnerability is due to the evaluation of user-supplied Spring Expression Language SpEL expressions, which attackers can exploit by providing specially crafted expressions that can overload the system...

4.3CVSS7AI score0.00536EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/08/20 9:30 a.m.2 views

GHSA-9CMQ-M9J5-MVWW Spring Framework vulnerable to Denial of Service

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Older, unsupported versions are also affected. Specifically, an...

5.1CVSS5.9AI score0.00536EPSS
Exploits0References6
OSV
OSV
added 2024/08/20 8:15 a.m.3 views

UBUNTU-CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

4.3CVSS7.1AI score0.00536EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/20 7:12 a.m.20 views

CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

4.3CVSS6.7AI score0.00536EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.3 views

Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 5.3.0 through 5.3.38, which stems from the possibility that a user may supp...

4.3CVSS6.9AI score0.00536EPSS
Exploits0References5
OSV
OSV
added 2024/08/16 12:16 a.m.7 views

OSV-2024-1018 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67071 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/08/16 12:12 a.m.4 views

OSV-2024-930 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70893 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl.hashCode...

7.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/15 12:0 a.m.31 views

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.9AI score0.00852EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/08/15 12:0 a.m.25 views

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.9AI score0.00852EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2024/08/14 12:0 a.m.7 views

Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

4.3CVSS6.6AI score0.00536EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/14 12:0 a.m.6 views

PT-2024-7271

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.38 Spring Framework older unsupported versions Description: The issue is related to the Spring Expression Language SpEL in Spring Framework. It is possible for a user to provide a specially crafted...

7.5CVSS6.5AI score0.0266EPSS
Exploits2References163
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.5 views

DataGear Security Breach

DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...

9.8CVSS7AI score0.0282EPSS
Exploits2References4
OSV
OSV
added 2024/04/30 12:1 a.m.5 views

OSV-2024-335 Security exception in org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67978 Crash type: Security exception Crash state: org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp java.base/java.nio.charset.CharsetEncoder.replaceWith java.base/java.nio.charset.CharsetEncoder...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.53 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3622)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3622 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.8CVSS6.8AI score0.04031EPSS
Exploits3References21
OSV
OSV
added 2024/04/24 5:6 p.m.4 views

GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

8.8CVSS5.9AI score0.02372EPSS
Exploits1References9
Rows per page
Query Builder