750 matches found
PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway
Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway affected versions not specified Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...
This Week in Spring - July 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...
GHSA-J4R7-P9FP-W3F3 Spring Cloud Function Framework vulnerable to Denial of Service
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
Spring Cloud Function Framework vulnerable to Denial of Service
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=4.0.1), cn.herodotus.engine:message-kafka-spring-boot-starter (>=3.2.0.0 <=3.3.0.2) +441 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.1.0 <=4.1.1)
org.springframework.cloud:spring-cloud-function-context MAVEN version =4.1.0, =4.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =5.8.0, =5.8.0, =5.8.0, =5.13...
city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)
org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...
CVE-2024-22271
A flaw was found in the Spring Cloud Function framework. Affected versions of this package are vulnerable to denial of service DoS when attempting to compose functions with nonexisting functions. This flaw allows an attacker to trigger a cache overflow. Mitigation Mitigation for this issue is...
CVE-2024-22271
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
CVE-2024-22271
The CVE-2024-22271 entry describes a denial-of-service vulnerability in Spring Cloud Function Framework when composing functions with non-existing functions. Affected versions are Spring Cloud Function Framework 4.1.0–4.1.2 and 4.0.0–4.0.8, specifically when using the Web module. The root cause i...
Spring Cloud Security Vulnerabilities
Spring Cloud is a microservices framework based on Spring Boot implementation by the US Spring team. A security vulnerability exists in Spring Cloud Function Framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, which stems from an application being vulnerable to a denial-of-service...
This Week in Spring - July 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...
PT-2024-7898
Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2 Description The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remot...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 A code injection attack on spring cloud gate...
CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
CVE-2024-22263
CVE-2024-22263 affects Spring Cloud Data Flow’s Skipper server, where improper sanitization of upload paths enables a malicious user with API access to write arbitrary files to the file system and potentially compromise the server. The vulnerability targets the upload mechanism (upload path handl...
VMware Spring Cloud Data Flow Security Vulnerability
VMware Spring Cloud Data Flow is a codebase for streaming and batch processing of data in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow that stems from. Improperly cleaned upload paths could allow an attacker to write arbitrary files to any...
Spring Cloud Function Web DOS Vulnerability
Description In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is...