1888 matches found

Source: OSV (added 2022/05/13 1:2 a.m.)

GHSA-F93F-G33R-8PCP Improper Restriction of XML External Entity Reference in Spring Framework

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

CVSS 8.8 | AI score 8.5 | EPSS 0.01696
Exploits: 0 | References: 6
Source: OSV (added 2022/05/13 1:2 a.m.)

GHSA-G6HF-F9CQ-Q7W7 Cross-Site Request Forgery in Spring Framework

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

CVSS 6.8 | AI score 5.8 | EPSS 0.90455
Exploits: 0 | References: 8
Source: Github Security Blog (added 2022/05/13 1:2 a.m.)

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

CVSS 5 | AI score 8.8 | EPSS 0.1005
Exploits: 5 | References: 11 | Affected software: 1
Source: OSV (added 2022/05/13 1:2 a.m.)

GHSA-8CMM-QJ8G-FCP6 Cross-Site Request Forgery in Spring Framework

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

CVSS 6.8 | AI score 6.4 | EPSS 0.91354
Exploits: 0 | References: 8
Source: OSV (added 2022/05/13 1:2 a.m.)

GHSA-RP4P-G69R-438X Cross-Site Request Forgery in Spring Framework

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS 6.8 | AI score 5.8 | EPSS 0.26467
Exploits: 1 | References: 12
Source: OSV (added 2022/05/13 1:2 a.m.)

GHSA-VP63-RRCM-9MPH Missing XML Validation in Spring Framework

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

CVSS 6.8 | AI score 6.2 | EPSS 0.03438
Exploits: 1 | References: 9
Source: Github Security Blog (added 2022/05/13 1:2 a.m.)

Cross-Site Request Forgery in Spring Framework

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

CVSS 6.8 | AI score 6.5 | EPSS 0.91354
Exploits: 0 | References: 9 | Affected software: 1
Source: Github Security Blog (added 2022/05/13 1:2 a.m.)

Missing XML Validation in Spring Framework

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

CVSS 6.8 | AI score 5.3 | EPSS 0.03438
Exploits: 1 | References: 10 | Affected software: 1
Source: Github Security Blog (added 2022/05/13 1:2 a.m.)

Cross-Site Request Forgery in Spring Framework

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS 6.8 | AI score 4.9 | EPSS 0.26467
Exploits: 1 | References: 13 | Affected software: 1
Source: vulnersOsv (added 2022/05/13 12:0 a.m.)

ai.superstream:spring-kafka (>=2.8.4-alpha1 <=2.8.4-alpha6), biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.5) +1894 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=5.3.0 <=5.3.2)

Package: org.springframework:spring-messaging (MAVEN). Affected versions: =5.3.0, =2.8.4-alpha1, =1.0.1, =0.0.1-alpha, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =5.6.5, =5.6.5, =5.5.7, =5.6.5, =5.5.7, =5.5.7, =5.5.7, =6.0.5 and more. Source CVEs: CVE-2022-22971. Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

CVSS 6.5 | AI score 6.9 | EPSS 0.02931
Exploits: 0
Source: OSV (added 2022/05/13 12:0 a.m.)

GHSA-RQPH-VQWM-22VC Allocation of Resources Without Limits or Throttling in Spring Framework

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

CVSS 6.5 | AI score 6.9 | EPSS 0.02931
Exploits: 0 | References: 7
Source: Github Security Blog (added 2022/05/13 12:0 a.m.)

Allocation of Resources Without Limits or Throttling in Spring Framework

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

CVSS 6.5 | AI score 4.3 | EPSS 0.02931
Exploits: 0 | References: 7 | Affected software: 1
Source: OSV (added 2022/05/13 12:0 a.m.)

GHSA-HH26-6XWR-GGV7 Denial of service in Spring Framework

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

CVSS 7.5 | AI score 6.8 | EPSS 0.01853
Exploits: 1 | References: 7
Source: CNVD (added 2022/05/13 12:0 a.m.)

Spring Framework Denial of Service Vulnerability

Spring Framework is a Java/JavaEE application framework from the Spring team in the United States. The framework helps developers build high-quality applications. Spring Framework versions before 5.3.20 and 5.2.22 contain a denial of service vulnerability; the vulnerability stems from the data binding to th...

CVSS 3.5 | AI score 2.9 | EPSS 0.01853
Exploits: 1
Source: CNVD (added 2022/05/13 12:0 a.m.)

Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)

Spring Framework is an open source Java/JavaEE application framework from the Spring team in the United States. The framework helps developers build high-quality applications. Spring Framework versions prior to 5.3.20 and 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...

CVSS 4 | AI score 3.3 | EPSS 0.02931
Exploits: 0
Source: ATTACKERKB (added 2022/05/12 8:15 p.m.)

CVE-2022-22971

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

CVSS 6.5 | AI score 6.9 | EPSS 0.02931
Exploits: 0 | References: 4
Source: NVD (added 2022/05/12 8:15 p.m.)

CVE-2022-22971

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

CVSS 6.5 | EPSS 0.02931
Exploits: 0 | References: 3
Source: ATTACKERKB (added 2022/05/12 8:15 p.m.)

CVE-2022-22970

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

CVSS 5.3 | AI score 6.8 | EPSS 0.01853
Exploits: 1 | References: 4
Source: NVD (added 2022/05/12 8:15 p.m.)

CVE-2022-22970

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

CVSS 5.3 | EPSS 0.01853
Exploits: 1 | References: 3
Source: OSV (added 2022/05/12 8:15 p.m.)

CVE-2022-22971

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

CVSS 6.5 | AI score 6.2 | EPSS 0.02931
Exploits: 0 | References: 3