
750 matches found

Vulnrichment
added 2025/04/10 5:26 p.m., 8 views

CVE-2025-22232 Spring Cloud Config Server May Not Use Vault Token Sent By Clients

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your Spring Cloud Config Server and You are using the...

5.3 CVSS | 5.3 AI score | 0.00254 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/04/10 5:26 p.m., 16 views

CVE-2025-22232 Spring Cloud Config Server May Not Use Vault Token Sent By Clients

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your Spring Cloud Config Server and You are using the...

5.3 CVSS | 0.00254 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/04/10 12:0 a.m., 2 views

VMware Spring Cloud Config security vulnerability

VMware Spring Cloud Config is a configuration management solution for distributed systems from VMware. The product primarily provides server and client support for external configuration in distributed systems. A security vulnerability exists in VMware Spring Cloud Config versions 2.2.1 through...

5.3 CVSS | 5.4 AI score | 0.00254 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/04/08 12:0 a.m., 6 views

PT-2025-15613 · Spring · Spring Cloud Config

Name of the Vulnerable Software and Affected Versions: Spring Cloud Config versions 3.1.10, 4.0.10, 4.1.6, 4.2.2, and 4.3.0-M3 are not the affected versions, but rather the versions that address the issue. Since the affected versions are not explicitly mentioned, the correct output is: Spring Clo...

5.3 CVSS | 5 AI score | 0.00254 EPSS
Exploits: 0 | References: 13

Spring Security Advisories
added 2025/04/08 12:0 a.m., 12 views

This Week in Spring - April 8th, 2025

Hi, Spring fans! How are ya? I'm doing fine. Excited, even. You see, Spring AI M7 is coming soon! In theory, it drops on Thursday. Don't hold us to that — these things can change :- But soon, and it's turning out to be a whopper of a release! You should try upgrading your application to the new ...

5.3 CVSS | 7 AI score | 0.00254 EPSS
Exploits: 0

Snyk
added 2025/04/07 12:0 a.m., 3 views

Improper Authorization

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Improper Authorization due to not using the Vault token sent by clients using a X-CONFIG-TOKEN header...

6.3 CVSS | 7 AI score | 0.00254 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2025/04/07 12:0 a.m., 7 views

com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +8 more potentially affected by CVE-2025-22232 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.5)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.5 Source cves: CVE-2025-22232 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-9674187...

5.3 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 0

vulnersOsv
added 2025/04/07 12:0 a.m., 7 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2025-22232 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.1 Source cves: CVE-2025-22232 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-9674187...

5.3 CVSS | 6 AI score | 0.00254 EPSS
Exploits: 0

vulnersOsv
added 2025/04/07 12:0 a.m., 6 views

ai.hyacinth.framework:core-service-config-server (=0.5.24), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +63 more potentially affected by CVE-2025-22232 via org.springframework.cloud:spring-cloud-config-server (>=2.2.0.RELEASE <=3.1.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.2.0.RELEASE, =2.2.1.RELEASE, =0.0.1.RELEASE, =0.0.1-RELEASE, =1.1.1, =1.0.0, =1.0.0.RELEASE, =1.0.1 - com.github.niupengyu:ahead-frame-commons =1.2.5-RELEASE - com.github.niupengyu:ahead-frame-core =1.2.5-RELEASE -...

5.3 CVSS | 6 AI score | 0.00254 EPSS
Exploits: 0

Spring Security Advisories
added 2025/03/25 12:0 a.m., 5 views

This Week in Spring - March 25th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I’m in Portland, OR, then I'm off to Austin, TX for the Arc of AI show, and then I'm off to Amsterdam for Voxxed Days Amsterdam! If you're around, be sure to say hi! There's a ton of cool stuff to look at, so witho...

7.4 AI score
Exploits: 0

CNNVD
added 2025/03/15 12:0 a.m., 3 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt, which stems from hard-coded credentials and could lead to remote attacks...

9.8 CVSS | 7.5 AI score | 0.00638 EPSS
Exploits: 1 | References: 6

CNNVD
added 2025/03/15 12:0 a.m., 4 views

springboot-openai-chatgpt security vulnerability

springboot-openai-chatgpt is a SpringCloud microservices architecture based on SpringCloud by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from a business logic error and could lead to a remote attack...

6.5 CVSS | 6.5 AI score | 0.0039 EPSS
Exploits: 1 | References: 6

Spring Security Advisories
added 2025/03/11 12:0 a.m., 9 views

This Week in Spring - March 11th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a busy week as always, fresh off the rush that was Devnexus and busily preparing for the fun that is JavaOne! It's going to be epic! want to learn about dependency injection, auto-configuration, Spring Framework, Spring...

7.3 AI score
Exploits: 0

vulnersOsv
added 2025/03/09 12:43 p.m., 7 views

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...

5.6 CVSS | 7 AI score | 0.79817 EPSS
Exploits: 3

Spring Security Advisories
added 2025/03/04 12:0 a.m., 12 views

This Week in Spring - March 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring, and Happy Devnexus 2025 to those who celebrate! That's right sports fans, I'm off to awesome Atlanta, Georgia later today for Devnexus, one of the world's largest annual gatherings of Java community and luminaries alike. I'l...

7.1 AI score
Exploits: 0

VulnCheck KEV
added 2025/02/25 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-5412

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

6.5 CVSS | 5.8 AI score | 0.10214 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 4:45 a.m., 9 views

CVE-2021-37694

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

8.7 CVSS | 7.3 AI score | 0.00877 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 3:7 a.m., 6 views

CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...

9 CVSS | 6.9 AI score | 0.00263 EPSS
Exploits: 0 | References: 1

Spring Security Advisories
added 2025/02/04 12:0 a.m., 5 views

This Week in Spring - February 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 4th, 2025, as I write this. We are ten days away from Valentine's day, and about a month away from Devnexus. Lots to look forward to, in both the short term and the long term! Let's dive right into this week's...

7.3 AI score
Exploits: 0

Spring Security Advisories
added 2025/01/21 12:0 a.m., 7 views

This Week in Spring - January 21st, 2025

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's time to dive into this week's wondrous roundup! Good news, everybody! Spring Cloud AWS 3.3.0 is available! A neat video on stored procedures in Spring A very interesting article on the flow diagrams for Sprin...

7.2 AI score
Exploits: 0