1888 matches found
GHSA-F93F-G33R-8PCP Improper Restriction of XML External Entity Reference in Spring Framework
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
GHSA-G6HF-F9CQ-Q7W7 Cross-Site Request Forgery in Spring Framework
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...
GHSA-8CMM-QJ8G-FCP6 Cross-Site Request Forgery in Spring Framework
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
GHSA-RP4P-G69R-438X Cross-Site Request Forgery in Spring Framework
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
GHSA-VP63-RRCM-9MPH Missing XML Validation in Spring Framework
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
Cross-Site Request Forgery in Spring Framework
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
Missing XML Validation in Spring Framework
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
Cross-Site Request Forgery in Spring Framework
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
ai.superstream:spring-kafka (>=2.8.4-alpha1 <=2.8.4-alpha6), biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.5) +1894 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=5.3.0 <=5.3.2)
org.springframework:spring-messaging MAVEN version =5.3.0, =2.8.4-alpha1, =1.0.1, =0.0.1-alpha, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =5.6.5, =5.6.5, =5.5.7, =5.6.5, =5.5.7, =5.5.7, =5.5.7, =6.0.5 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...
GHSA-RQPH-VQWM-22VC Allocation of Resources Without Limits or Throttling in Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
Allocation of Resources Without Limits or Throttling in Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
GHSA-HH26-6XWR-GGV7 Denial of service in Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
Spring Framework Denial of Service Vulnerability
Spring Framework is the U.S. Spring team of a set of Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework 5.3.20 , 5.2.22 before the version of the denial of service vulnerability , the vulnerability stems from the data binding to th...
Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...