750 matches found
EUVD-2022-6126
Malicious code in bioql PyPI...
EUVD-2025-29611
Malicious code in bioql PyPI...
EUVD-2025-13564
Malicious code in bioql PyPI...
EUVD-2024-0392
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...
CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
A Bootiful Podcast: Spring Cloud lead Spencer Gibb, live from SpringOne 2025
Hi, Spring fans! In this installment, we talk to the legendary lead of Spring Cloud and friend to the community, Spencer Gibb! This was recorded live from Las Vegas, NV, at the fantastic SpringOne 2025 event!...
GHSA-Q2CJ-H8FW-Q4CC Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +12 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server-webflux (=4.3.0)
org.springframework.cloud:spring-cloud-gateway-server-webflux MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server-webflux and may be impacted: - ch.nexsol-tech.gateway:sample-gatewa...
CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243
Spring Cloud Gateway Server Webflux is affected by a vulnerability where unsecured and exposed actuator endpoints allow modification of Spring Environment properties via SpEL, enabling configuration tampering. Affected component: Spring Cloud Gateway Server Webflux (WebFlux; WebMVC is not vulnera...
Spring Cloud Gateway 安全漏洞
Spring Cloud Gateway is a Spring open source API gateway framework. A security vulnerability exists in Spring Cloud Gateway that stems from a possible modification of Spring environment properties...
ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +36 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server (=4.3.0)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server and may be impacted: - ch.nexsol-tech.gateway:sample-gateway =1.2.0, =1.2.0...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +111 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.2.4)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =3.0.0.1, =jdk17-0.0.1 - cn.warpin.maven-central:common-gateway-security =0.0.15 and more Source cves: CVE-2025-41243 Source...
A Bootiful Podcast: Spring Cloud guru Ryan Baxter
Hi, Spring fans! In this installment we talk to the amazing Spring Cloud contributor Ryan Baxter, live from SpringOne 2025!...
Linux Distros Unpatched Vulnerability : CVE-2025-22232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-cloud-starter-gateway-4.1.7.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-cloud-starter-gateway-4.1.7.jar Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444: Inconsisten...