
750 matches found

Spring Security Advisories
added 2024/06/18 12:0 a.m. · 15 views

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...

7.3 AI score
Exploits 0
BDU FSTEC
added 2024/06/14 12:0 a.m. · 5 views

The vulnerability of the application programming interface of the Spring Cloud Skipper package management server allows a perpetrator to write any files they desire.

The vulnerability in the Spring Cloud Skipper package manager's application interface involves unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to write any files they desire...

6.8 CVSS · 5.5 AI score · 0.17537 EPSS
Exploits 1 · References 6 · Affected Software 1
Spring Security Advisories
added 2024/06/04 12:0 a.m. · 18 views

This Week in Spring - June 4th, 2024

Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from doing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...

7.2 AI score
Exploits 0
Positive Technologies
added 2024/05/23 12:0 a.m. · 8 views

PT-2024-4070 · Unknown · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow (affected versions not specified). Description: The issue is related to improper sanitization for upload paths in the Skipper server, allowing a malicious user with access to the server API to write arbitrary files to any...

8.8 CVSS · 7.1 AI score · 0.17537 EPSS
Exploits 1 · References 26
GithubExploit
added 2024/05/08 4:25 a.m. · 432 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 In versions 3.1.6, 3.2.2 and earlier versions...

9.8 CVSS · 9.7 AI score · 0.99939 EPSS
Exploits 36
Spring Security Advisories
added 2024/04/30 12:0 a.m. · 16 views

Spring Tips: Spring Cloud Gateway for Spring MVC

Hi, Spring fans! In this installment, we revisit Spring Cloud Gateway, this time to look at the fantastic new support for Spring MVC, made all the more amazing by Java 21's virtual threads...

7.2 AI score
Exploits 0
Spring Security Advisories
added 2024/04/30 12:0 a.m. · 18 views

This Week in Spring - April 30th, 2024

Welcome to yet another amazing installment of This Week in Spring! As usual, we've got a ton of stuff to get into, so let's dive right into it! Chris Bono announces the new versions of Spring Functions Catalog and Spring Cloud Streams Applications. In last week's installment of A Bootiful Podcast,...

7.5 AI score
Exploits 0
CNVD
added 2024/04/16 12:0 a.m. · 6 views

SQL Injection Vulnerability in SpringBlade of Shanghai Breadtech Co.

SpringBlade is a microservice architecture upgraded and optimized from a commercial-grade project, built with core technologies such as Spring Boot 2.5 and Spring Cloud 2020, and fully following Alibaba coding standards. SpringBlade, from Shanghai Breadtech Co., Ltd., has an SQL injection vulnerability; attackers can use the...

7.8 AI score
Exploits 0
Spring Security Advisories
added 2024/04/03 12:0 a.m. · 17 views

This Week in Spring - April 2nd, 2024

Welcome, welcome, welcome, to another installment of This Week in Spring! You know, we've come a long way since you and I last spoke. It's April already! A new month! How bizarre. And, with the dawning of a new month, we're also more than 25% through this year! I sure hope you're paying attention...

7.1 AI score
Exploits 0
OSV
added 2024/03/06 11:5 a.m. · 14 views

BIT-SPRING-CLOUD-DATAFLOW-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

7.2 CVSS · 7.4 AI score · 0.0106 EPSS
Exploits 0 · References 2
Veracode
added 2024/02/01 6:2 a.m. · 18 views

Information Disclosure

Spring Cloud Contract is vulnerable to Information Disclosure. The vulnerability is due to temporary directories created with insecure permissions due to the guava dependency...

5.5 CVSS · 6.8 AI score · 0.00223 EPSS
Exploits 0 · References 2 · Affected Software 1
vulnersOsv
added 2024/01/31 9:30 a.m. · 5 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...

5.5 CVSS · 6 AI score · 0.00223 EPSS
Exploits 0
vulnersOsv
added 2024/01/31 9:30 a.m. · 4 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=4.0.1 <=4.0.4), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (>=4.0.0 <=4.0.4) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=4.0.0 <=4.0.4)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.0.0, =4.0.1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.4 Source cves: CVE-2024-22236 Source advisory: OSV:GHSA-P6RP-MX85-M459...

5.5 CVSS · 6 AI score · 0.00223 EPSS
Exploits 0
vulnersOsv
added 2024/01/31 9:30 a.m. · 5 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=3.1.0 <=3.1.1), no.skatteetaten.aurora.gradle.plugins:aurora-gradle-plugin (>=4.4.6 <=4.5.2) +14 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=3.1.0 <=3.1.1)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =3.1.0, =3.1.0, =4.4.6, =4.4.6, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.1 - org.springframework.cloud:spr...

5.5 CVSS · 6 AI score · 0.00223 EPSS
Exploits 0
OSV
added 2024/01/31 9:30 a.m. · 3 views

GHSA-P6RP-MX85-M459 Spring Cloud Contract vulnerable to local information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

3.3 CVSS · 6.1 AI score · 0.00223 EPSS
Exploits 0 · References 3
Github Security Blog
added 2024/01/31 9:30 a.m. · 22 views

Spring Cloud Contract vulnerable to local information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5 CVSS · 6.6 AI score · 0.00223 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/01/31 7:15 a.m. · 31 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5 CVSS · 4.4 AI score · 0.00223 EPSS
Exploits 0 · References 1
OSV
added 2024/01/31 7:15 a.m. · 22 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5 CVSS · 6.6 AI score · 0.00223 EPSS
Exploits 0 · References 1
Prion
added 2024/01/31 7:15 a.m. · 18 views

Information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

1.7 CVSS · 6.6 AI score · 0.00223 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/31 6:54 a.m. · 13 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

3.3 CVSS · 6.3 AI score · 0.00223 EPSS
Exploits 0 · References 1