
25 matches found

GithubExploit
added 2025/11/19 12:6 p.m., 310 views

ysoserial

7.2 AI score
Exploits: 0
IBM Security Bulletins
added 2025/10/07 7:21 a.m., 10 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-beans-6.2.3.jar (CVE-2025-41242)

Summary: IBM Sterling Connect:Direct Web Services is vulnerable to Path Traversal Vulnerability in spring-beans-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details: CVEID: CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a...

5.9 CVSS, 6.8 AI score, 0.01916 EPSS
Exploits: 1, Affected Software: 1
Gitee
added 2025/09/14 1:32 p.m., 170 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/13 5:14 p.m., 198 views

ysoserial

This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...

7.8 AI score
Exploits: 0
Github Security Blog
added 2025/08/28 4:46 p.m., 12 views

Valtimo scripting engine can be used to gain access to sensitive data or resources

Impact Any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to: - Running executables on the application host - Inspecting and extracting data from the host environment or application properties -...

9.1 CVSS, 6.7 AI score, 0.00378 EPSS
Exploits: 0, References: 4, Affected Software: 1
vulnersOsv
added 2025/08/14 12:0 a.m., 8 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +21625 more potentially affected by CVE-2025-41242 via org.springframework:spring-beans (>=6.0.0 <=6.2.1)

org.springframework:spring-beans MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

5.9 CVSS, 6.5 AI score, 0.01916 EPSS
Exploits: 1
Snyk
added 2025/08/14 12:0 a.m., 8 views

Relative Path Traversal

Overview org.springframework:spring-beans is a package that is the basis for Spring Framework's IoC container. The BeanFactory interface provides an advanced configuration mechanism capable of managing any type of object. Affected versions of this package are vulnerable to Relative Path Traversal...

8.2 CVSS, 7 AI score, 0.01916 EPSS
Exploits: 1, References: 2
GithubExploit
added 2023/12/30 8:2 p.m., 155 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Active MQ CVE-2023-46604 exploit This repository is a guide w...

10 CVSS, 7.9 AI score, 0.99654 EPSS
Exploits: 31
Tenable Nessus
added 2023/03/09 12:0 a.m., 28 views

Atlassian Confluence 7.13.9 < 7.13.12 Embedded Spring-Beans Denial Of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service (DoS) attack vulnerability when relying on attacker-controlled data binding to set a...

5.3 CVSS, 7.2 AI score, 0.01853 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2023/03/09 12:0 a.m., 13 views

7.19.0 < 7.19.3 Embedded Spring-Beans Denial Of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service (DoS) attack vulnerability when relying on attacker-controlled data binding to set a...

5.3 CVSS, 7.2 AI score, 0.01853 EPSS
Exploits: 1, References: 2
Atlassian
added 2022/09/14 6:31 a.m., 73 views

Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970

Issue Summary: spring-beans is vulnerable to CVE-2022-22970. This is reproducible on Data Center: yes. Steps to Reproduce: Install Confluence 7.13.9 Step 2. Expected Results: Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher. Actual Results...

5.3 CVSS, 6.2 AI score, 0.01853 EPSS
Exploits: 1
vulnersOsv
added 2022/05/13 12:0 a.m., 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +41157 more potentially affected by CVE-2022-22970 via org.springframework:spring-beans (>=1.2 <=5.2.21.RELEASE)

org.springframework:spring-beans MAVEN version =1.2, =1.1, =1.3, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.51 and more Source cves: CVE-2022-22970 Source advisory: OSV:GHSA-HH26-6XWR-GGV7...

5.3 CVSS, 6.7 AI score, 0.01853 EPSS
Exploits: 1
vulnersOsv
added 2022/05/13 12:0 a.m., 4 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +12958 more potentially affected by CVE-2022-22970 via org.springframework:spring-beans (>=5.3.0 <=5.3.2)

org.springframework:spring-beans MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22970 Source advisory: OSV:GHSA-HH26-6XWR-GGV7...

5.3 CVSS, 6.7 AI score, 0.01853 EPSS
Exploits: 1
RedHat Linux
added 2022/04/12 6:32 p.m., 74 views

Low: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6.5 security update

A micro version update from 1.6.4 to 1.6.5 is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Low. A Common...

9.8 CVSS, 7 AI score, 0.99677 EPSS
Exploits: 100, References: 5
vulnersOsv
added 2022/03/31 6:30 p.m., 5 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10209 more potentially affected by CVE-2022-22965 via org.springframework:spring-beans (>=5.3.0 <=5.3.17)

org.springframework:spring-beans MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

9.8 CVSS, 7.2 AI score, 0.99677 EPSS
Exploits: 100
vulnersOsv
added 2022/03/31 6:30 p.m., 8 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +41104 more potentially affected by CVE-2022-22965 via org.springframework:spring-beans (>=1.2 <=5.2.1.RELEASE)

org.springframework:spring-beans MAVEN version =1.2, =1.1, =1.3, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.51 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

9.8 CVSS, 7.2 AI score, 0.99677 EPSS
Exploits: 100
Veracode
added 2022/03/31 12:56 a.m., 208 views

Remote Code Execution (RCE)

spring-beans is vulnerable to remote code execution. Using Spring Parameter Binding with non-basic parameter types, such as POJOs, allows an unauthenticated attacker to execute arbitrary code on the target system by writing or uploading arbitrary files, e.g. .jsp files, to a location that can be...

9.8 CVSS, 3.6 AI score, 0.99677 EPSS
Exploits: 100, References: 14, Affected Software: 1
GithubExploit
added 2022/03/30 7:54 a.m., 423 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell-POC CVE-2022-22965...

9.8 CVSS, 8.7 AI score, 0.99677 EPSS
Exploits: 100
OSV
added 2021/12/02 4:15 p.m., 13 views

CVE-2021-23258

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE)...

7.2 CVSS, 7.8 AI score
Exploits: 0, References: 1
CVE
added 2021/12/02 3:40 p.m., 33 views

CVE-2021-23258

The CVE-2021-23258 entry refers to a Crafter CMS expression injection vulnerability where an authenticated Administrator or Developer could abuse an unrestricted SPEL Expression in Spring beans to execute OS commands (RCE). Root cause: SPEL expressions are not secured, enabling remote code execut...

7.2 CVSS, 6.3 AI score, 0.00703 EPSS
Exploits: 0, References: 1, Affected Software: 1