750 matches found
This Week in Spring - January 14th, 2025
Hi, Spring fans, and greetings from the island of St. Barths! Salut depuis l'île de Saint-Barthélemy! I'm on a bit of PTO and have been bouncing around from one beach to another with my family. I just landed on a winning combination for a beach: warm water, a restaurant/bar, and some for-pay seat...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
This Week in Spring - November 26th, 2024
This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
CVE-2024-37084 Vulnerability Exploitation Example PoC CVE-2...
The vulnerability in the web module of the Spring Cloud Function software platform allows a attacker to perform a “denial-of-service” attack.
The vulnerability in the Spring Cloud Function software platform’s web module is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...
Let’s use OpenTelemetry with Spring
Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...
The vulnerability of the application programming interface of the Skipper server on the Spring Cloud Data Flow microservices platform allows a perpetrator to write a file to any directory in the system using a specially crafted API request.
The vulnerability of the application programming interface of the Skipper server in the Spring Cloud Data Flow microservices platform is related to improper code generation management. Exploiting this vulnerability allows an attacker, operating remotely, to write a file to any directory in the...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7541 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)
org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
Use dnslog to detect whether CVE-2024-37084 vulnerability exi...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
Detect vulnerabilities First, Use dnslog to detect whether CV...
This Week in Spring - October 15th, 2024
Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Beglium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...
This Week in Spring - October 8th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...
From Spring Cloud Data Flow 2.11.x to 3.0
Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...
From Spring Framework 6.2 to 7.0
Dear Spring community, Spring Framework 6.2 is shaping up for general availability in November 2024, with particularly significant revisions in the core container and in our web support: see "What's New in Spring Framework 6.2". This release is designed for use with JDK 17-23 and Jakarta EE 9-10...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
CVE-2024-37084-Poc Setup ,Analysis , Demo exploit and poc abou...
Spring Cloud Config Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Directory Traversal in Spring Cloud Config Server', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability...
BIT-SPRING-CLOUD-DATAFLOW-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...
This Week in Spring - August 27th, 2024 - SpringOne 2024 edition
Hi, Spring fans, from the expo hall of SpringOne at VMware Explore 2024! There's a livestream of some of the key talks - register and watch for free now at SpringOne.io. Right now I'm hanging out at the expo hall manning a booth and doing demos to the hoardes of people streaming by, but I'll be...