Lucene search
+L

97 matches found

CNVD
CNVD
added 2020/08/07 12:0 a.m.2 views

Pivotal Software Spring Integration Code Issue Vulnerability

Pivotal Software Spring Integration is an enterprise integration pattern from Pivotal Software, USA. The product is designed to enable lightweight messaging in Spring-based applications and supports integration with tail systems via declarative adapters. A code issue vulnerability exists in Pivot...

9.8CVSS9.5AI score0.04409EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/08/05 2:53 p.m.5 views

br.jus.stf.digital:core (=0.1.0), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +646 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=4.3.0.RELEASE <=4.3.22.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =4.3.0.RELEASE, =0.0.1, =0.0.1, =A.1.0.0, =A.1.0.0, =A.1.1.0, =2.0.0, =A.1.1.0, =A.1.0.0, =A.1.0.0, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.12-RELEASE and more Source cves:...

9.8CVSS7.1AI score0.04409EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/05 2:53 p.m.7 views

cn.strongculture:prometheus-spring-boot-starter (=1.0.0), com.buession.springcloud.stream:buession-springcloud-stream-core (>=2.2.1 <=2.3.3) +105 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =5.3.0.RELEASE, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3...

9.8CVSS7.1AI score0.04409EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/05 2:53 p.m.10 views

com.alipay.sofa:tracer-sofa-boot-starter (>=3.1.0 <=3.1.2), com.pleosoft:pleosoft-spring-boot-starter (=1.0.5-RELEASE) +40 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.1.0.RELEASE <=5.1.11.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =5.1.0.RELEASE, =3.1.0, =0.2.0.RELEASE, =2.23.0, =2.23.0, =2.1.0.RELEASE, =5.1.0.RELEASE, =5.1.0.RELEASE, =5.1.0.RELEASE, =5.1.0.RELEASE, =5.1.0.RELEASE, =5.1.0.RELEASE, =5.1.11.RELEASE - org.springframework.integration:spring...

9.8CVSS7.1AI score0.04409EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/05 2:53 p.m.7 views

ai.hyacinth.framework:core-service-bus-support (=0.5.24), cc.cc4414:cc-spring-auth-server (=0.5.1) +407 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.2.0.RELEASE <=5.2.7.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =5.2.0.RELEASE, =5.2.7.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.integration:spring-integration-core and may be impacted: -...

9.8CVSS7.5AI score0.04409EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2020/08/05 2:53 p.m.95 views

Code execution in Spring Integration

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS4.1AI score0.04409EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2020/08/05 2:53 p.m.42 views

GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS9.4AI score0.04409EPSS
Exploits0References8
NVD
NVD
added 2020/07/31 8:15 p.m.37 views

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS9.5AI score0.04409EPSS
Exploits0References5
OSV
OSV
added 2020/07/31 8:15 p.m.26 views

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS7AI score0.04409EPSS
Exploits0References5
Prion
Prion
added 2020/07/31 8:15 p.m.18 views

Deserialization of untrusted data

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

7.5CVSS9.4AI score0.04409EPSS
Exploits0References5Affected Software8
Cvelist
Cvelist
added 2020/07/31 7:40 p.m.43 views

CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.5AI score0.04409EPSS
Exploits0References5
CVE
CVE
added 2020/07/31 7:40 p.m.149 views

CVE-2020-5413

CVE-2020-5413 affects Spring Integration Kryo-based (de)serialization. When Kryo is configured with default options, unregistered classes can be resolved on demand, enabling deserialization gadgets to execute malicious code during data intake. The provided connected documents confirm the issue an...

9.8CVSS9.4AI score0.04409EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2020/07/23 4:20 a.m.24 views

Remote Code Execution (RCE)

Spring Integration Core is vulnerable to remote code execution RCE. It accepts all unregistered classes on demand when Kryo is configured using default options, allowing a malicious class to be deserialized...

9.8CVSS4.4AI score0.04409EPSS
Exploits0References12Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2020/07/23 12:0 a.m.4 views

Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS7.3AI score0.04409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/04/05 10:59 a.m.29 views

CVE-2019-3772

Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS4.9AI score0.03002EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/02/26 12:0 a.m.17 views

Spring Integration Installed

Binary data pivotalsoftwarespringintegrationinstalled.nbin...

7.3AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2019/01/25 4:18 p.m.6 views

com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.3-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.88-RC1 <=1.1.3-RELEASE) +336 more potentially affected by CVE-2019-3772 via org.springframework.integration:spring-integration-xml (>=1.0.1.RELEASE <=4.3.17.RELEASE)

org.springframework.integration:spring-integration-xml MAVEN version =1.0.1.RELEASE, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =1.0.19-RELEASE, =1.2.2-RELEASE, =1.2.23-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.2.1-RELEASE, =0.0.3, =1.0.1, =2.1.1 and more...

9.8CVSS7.2AI score0.03002EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/01/25 4:18 p.m.5 views

com.ahome-it:ahome-tooling-server-core (>=1.0.110-RELEASE <=1.1.3-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.111-RELEASE <=1.1.3-RELEASE) +19 more potentially affected by CVE-2019-3772 via org.springframework.integration:spring-integration-ws (>=1.0.1.RELEASE <=4.3.17.RELEASE)

org.springframework.integration:spring-integration-ws MAVEN version =1.0.1.RELEASE, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.0-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.19-RELEASE, =1.2.2-RELEASE, =1.2.23-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.2.1-RELEASE, =0.0.3,...

9.8CVSS7.2AI score0.03002EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2019/01/25 4:18 p.m.32 views

Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml

Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS9.6AI score0.03002EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2019/01/25 4:18 p.m.44 views

GHSA-WR5R-M8PC-85J9 Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml

Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS9.6AI score0.03002EPSS
Exploits0References6
Rows per page
Query Builder