Lucene search

750 matches found

Positive Technologies
added 2024/07/17 12:0 a.m. · 5 views

PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway

Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway (affected versions not specified). Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...

9 CVSS · 6.8 AI score · 0.00263 EPSS
Exploits 0 · References 3

Spring Security Advisories
added 2024/07/16 12:0 a.m. · 15 views

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! Did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

7.3 AI score
Exploits 0

OSV
added 2024/07/09 3:30 p.m. · 1 views

GHSA-J4R7-P9FP-W3F3 Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.8 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 6

Github Security Blog
added 2024/07/09 3:30 p.m. · 39 views

Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2 CVSS · 6.5 AI score · 0.0036 EPSS
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2024/07/09 3:30 p.m. · 6 views

ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=4.0.1), cn.herodotus.engine:message-kafka-spring-boot-starter (>=3.2.0.0 <=3.3.0.2) +441 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.1.0 <=4.1.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.1.0, =4.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =5.8.0, =5.8.0, =5.8.0, =5.13...

8.2 CVSS · 7.1 AI score · 0.0036 EPSS
Exploits 0

vulnersOsv
added 2024/07/09 3:30 p.m. · 6 views

city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...

8.2 CVSS · 7.1 AI score · 0.0036 EPSS
Exploits 0

RedhatCVE
added 2024/07/09 2:21 p.m. · 15 views

CVE-2024-22271

A flaw was found in the Spring Cloud Function framework. Affected versions of this package are vulnerable to denial of service (DoS) when attempting to compose functions with non-existing functions. This flaw allows an attacker to trigger a cache overflow. Mitigation: Mitigation for this issue is...

7.5 CVSS · 7.7 AI score · 0.0036 EPSS
Exploits 0 · References 4

NVD
added 2024/07/09 1:15 p.m. · 39 views

CVE-2024-22271

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2 CVSS · 0.0036 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/09 12:50 p.m. · 20 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2 CVSS · 6.6 AI score · 0.0036 EPSS
Exploits 0 · References 1

Cvelist
added 2024/07/09 12:50 p.m. · 38 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2 CVSS · 0.0036 EPSS
Exploits 0 · References 1

CVE
added 2024/07/09 12:50 p.m. · 67 views

CVE-2024-22271

The CVE-2024-22271 entry describes a denial-of-service vulnerability in Spring Cloud Function Framework when composing functions with non-existing functions. Affected versions are Spring Cloud Function Framework 4.1.0–4.1.2 and 4.0.0–4.0.8, specifically when using the Web module. The root cause i...

8.2 CVSS · 7.6 AI score · 0.0036 EPSS
Exploits 0 · References 1

CNNVD
added 2024/07/09 12:0 a.m. · 7 views

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework based on Spring Boot implementation by the US Spring team. A security vulnerability exists in Spring Cloud Function Framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, which stems from an application being vulnerable to a denial-of-service...

8.2 CVSS · 6.7 AI score · 0.0036 EPSS
Exploits 0 · References 3

Spring Security Advisories
added 2024/07/09 12:0 a.m. · 9 views

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

7.3 AI score
Exploits 0

Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-7898

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions 4.0.x prior to 4.0.8; Spring Cloud Function versions 4.1.x prior to 4.1.2. Description: The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remot...

8.8 CVSS · 7 AI score · 0.0127 EPSS
Exploits 0 · References 15

GithubExploit
added 2024/06/19 3:31 p.m. · 517 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 A code injection attack on spring cloud gate...

10 CVSS · 9.5 AI score · 0.98253 EPSS
Exploits 54

Cvelist
added 2024/06/19 2:48 p.m. · 39 views

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8 CVSS · 0.17537 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/06/19 2:48 p.m. · 29 views

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8 CVSS · 7 AI score · 0.17537 EPSS
Exploits 1 · References 1

CVE
added 2024/06/19 2:48 p.m. · 99 views

CVE-2024-22263

CVE-2024-22263 affects Spring Cloud Data Flow’s Skipper server, where improper sanitization of upload paths enables a malicious user with API access to write arbitrary files to the file system and potentially compromise the server. The vulnerability targets the upload mechanism (upload path handl...

8.8 CVSS · 8.8 AI score · 0.17537 EPSS
Exploits 1 · References 1

CNNVD
added 2024/06/19 12:0 a.m. · 6 views

VMware Spring Cloud Data Flow Security Vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch processing of data in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow that stems from improperly cleaned upload paths, which could allow an attacker to write arbitrary files to any...

8.8 CVSS · 7.1 AI score · 0.17537 EPSS
Exploits 1 · References 2

Spring Security Advisories
added 2024/06/19 12:0 a.m. · 7 views

Spring Cloud Function Web DOS Vulnerability

Description: In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is...

8.2 CVSS · 7.1 AI score · 0.0127 EPSS
Exploits 0