1885 matches found
CVE report published for Spring Framework
We have released Spring Framework 5.3.17 and Spring Framework 5.2.20 to address the following CVE report. CVE-2022-22950: Spring Expression DoS Vulnerability Please review the information in the CVE report and upgrade immediately. Spring Boot users should upgrade to 2.5.11 or 2.6.5...
Vmware Spring Framework 安全漏洞
Vmware Spring Framework is a set of open source Java, JavaEE application framework from Vmware USA. The framework helps developers build high-quality applications.Vmware Spring Framework has a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service via a...
Spring Expression DoS Vulnerability
In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0 - 5.2.19, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Spring Framework is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-22060 by upgrading addressable to latest version. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
GHSA-V98J-7CRC-WVRJ Authentication bypass in Apache Shiro
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
Impact pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...
Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-22096)
Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed the vulnerability. Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a...
Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
GHSA-6GF2-PVQW-37PH Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
DEBIAN-CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
Design/Logic Flaw
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
UBUNTU-CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
Vmware Spring Framework has an unspecified vulnerability
Vmware Spring Framework is an open source Java, JavaEE application framework from Vmware, Inc. The framework helps developers build high-quality applications.Vmware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
CVE-2021-22060 affects Spring Framework (versions 5.3.0–5.3.13 and 5.2.0–5.2.18, plus older unsupported) where crafted input can cause insertion of extra log entries. It is a follow-up to CVE-2021-22096; the root cause is input handling in the framework that permits log entry insertion. Connected...