750 matches found

Spring Security Advisories
added 2025/01/14 12:0 a.m., 10 views

This Week in Spring - January 14th, 2025

Hi, Spring fans, and greetings from the island of St. Barths! Salut depuis l'île de Saint-Barthélemy! I'm on a bit of PTO and have been bouncing around from one beach to another with my family. I just landed on a winning combination for a beach: warm water, a restaurant/bar, and some for-pay seat...

7.2 AI score
Exploits: 0
Spring Security Advisories
added 2024/12/03 12:0 a.m., 10 views

This Week in Spring - December 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...

7.1 AI score
Exploits: 0
Spring Security Advisories
added 2024/11/26 12:0 a.m., 10 views

This Week in Spring - November 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

7.1 AI score
Exploits: 0
GithubExploit
added 2024/11/22 1:53 p.m., 401 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

CVE-2024-37084 Vulnerability Exploitation Example PoC CVE-2...

9.8 CVSS, 6.7 AI score, 0.35211 EPSS
Exploits: 4
BDU FSTEC
added 2024/11/14 12:0 a.m., 5 views

The vulnerability in the web module of the Spring Cloud Function software platform allows an attacker to perform a “denial-of-service” attack.

The vulnerability in the Spring Cloud Function software platform’s web module is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack...

8.5 CVSS, 6.8 AI score, 0.0036 EPSS
Exploits: 0, References: 5, Affected Software: 1
Spring Security Advisories
added 2024/11/12 12:0 a.m., 11 views

This Week in Spring - November 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released. In this installment of A Bootiful Podcast, I talk to Gradle developer advocate Baruch Sadogursky. Good news everybody! GraalVM will now support jcmd, which allows you t...

7.2 AI score
Exploits: 0
Spring Security Advisories
added 2024/10/28 12:0 a.m., 13 views

Let’s use OpenTelemetry with Spring

Introduction: In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...

7.3 AI score
Exploits: 0
BDU FSTEC
added 2024/10/23 12:0 a.m., 5 views

The vulnerability of the application programming interface of the Skipper server on the Spring Cloud Data Flow microservices platform allows a perpetrator to write a file to any directory in the system using a specially crafted API request.

The vulnerability of the application programming interface of the Skipper server in the Spring Cloud Data Flow microservices platform is related to improper code generation management. Exploiting this vulnerability allows an attacker, operating remotely, to write a file to any directory in the...

10 CVSS, 5.5 AI score, 0.35211 EPSS
Exploits: 4, References: 3, Affected Software: 1
vulnersOsv
added 2024/10/18 6:30 a.m., 8 views

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7541 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)

org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3 CVSS, 6.6 AI score, 0.00631 EPSS
Exploits: 1
GithubExploit
added 2024/10/15 6:54 p.m., 145 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

Use dnslog to detect whether CVE-2024-37084 vulnerability exi...

9.8 CVSS, 9.7 AI score, 0.35211 EPSS
Exploits: 4
GithubExploit
added 2024/10/15 6:55 a.m., 255 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

Detect vulnerabilities First, Use dnslog to detect whether CV...

9.8 CVSS, 6.6 AI score, 0.35211 EPSS
Exploits: 4
Spring Security Advisories
added 2024/10/15 12:0 a.m., 11 views

This Week in Spring - October 15th, 2024

Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Belgium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...

7.3 AI score
Exploits: 0
Spring Security Advisories
added 2024/10/08 12:0 a.m., 7 views

This Week in Spring - October 8th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...

7.2 AI score
Exploits: 0
Spring Security Advisories
added 2024/10/07 12:0 a.m., 8 views

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

7.2 AI score
Exploits: 0
Spring Security Advisories
added 2024/10/01 12:0 a.m., 4 views

From Spring Framework 6.2 to 7.0

Dear Spring community, Spring Framework 6.2 is shaping up for general availability in November 2024, with particularly significant revisions in the core container and in our web support: see "What's New in Spring Framework 6.2". This release is designed for use with JDK 17-23 and Jakarta EE 9-10...

7.2 AI score
Exploits: 0
GithubExploit
added 2024/09/10 4:58 p.m., 267 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

CVE-2024-37084-Poc Setup, Analysis, Demo exploit and poc abou...

9.8 CVSS, 6.8 AI score, 0.35211 EPSS
Exploits: 4
Packet Storm
added 2024/09/01 12:0 a.m., 161 views

Spring Cloud Config Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

6.5 CVSS, 7.4 AI score, 0.85295 EPSS
Exploits: 6
Packet Storm
added 2024/09/01 12:0 a.m., 337 views

Spring Cloud Config Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Directory Traversal in Spring Cloud Config Server', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability...

7.5 CVSS, 7.4 AI score, 0.95586 EPSS
Exploits: 3
OSV
added 2024/08/27 12:38 p.m., 17 views

BIT-SPRING-CLOUD-DATAFLOW-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server...

9.8 CVSS, 9.1 AI score, 0.35211 EPSS
Exploits: 4, References: 2
Spring Security Advisories
added 2024/08/27 12:0 a.m., 20 views

This Week in Spring - August 27th, 2024 - SpringOne 2024 edition

Hi, Spring fans, from the expo hall of SpringOne at VMware Explore 2024! There's a livestream of some of the key talks - register and watch for free now at SpringOne.io. Right now I'm hanging out at the expo hall manning a booth and doing demos to the hordes of people streaming by, but I'll be...

6.3 CVSS, 6.8 AI score, 0.00123 EPSS
Exploits: 0