SUSE CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.21), at.chrl:chrl-jms (=1.1.0) +3935 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=5.2.21.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.5.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

ai.superstream:spring-kafka (>=2.8.4-alpha1 <=2.8.4-alpha6), biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.5) +1894 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=5.3.0 <=5.3.2)

org.springframework:spring-messaging MAVEN version =5.3.0, =2.8.4-alpha1, =1.0.1, =0.0.1-alpha, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =5.6.5, =5.6.5, =5.5.7, =5.6.5, =5.5.7, =5.5.7, =5.5.7, =6.0.5 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

Spring Framework Spring-messaging Remote Code Execution Vulnerability

Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A remote code execution vulnerability exists in Spring Framework Spring-messaging. An attacker can exploit the vulnerability to...

Exploit for Code Injection in Vmware Spring_Framework

PoC exploit for CVE-2018-1270, a Spring messaging STOMP protocol...

DEBIAN-CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...