750 matches found
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
Spring Cloud Contract (org.springframework.cloud:spring-cloud-contract-shade) is affected. Versions 4.1.x before 4.1.1, 4.0.x before 4.0.5, and 3.1.x before 3.1.10 permit local information disclosure due to temporary directories created with unsafe permissions via the shaded com.google.guava:guav...
Spring Cloud Security Vulnerabilities
Spring Cloud is a microservices framework implemented in Spring Boot by the Spring team. A security vulnerability exists in Spring Cloud Contract versions prior to 4.1.1, 4.0.5, and 3.1.10, which can be exploited to disclose local information through a temporary directory created with insecure...
PT-2024-19288 · Google +1 · Guava +1
Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...
This Week in Spring - January 30th, 2024
Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...
This Week in Spring - January 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
开源工具 SpringBoot-Scan 的GUI图形化版本,对你有用的话麻烦点个Star哈哈 注意:本工具内置相关漏洞的Exp,杀软报毒属于正常现象! 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...
This Week in Spring - December 12th, 2023
Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to ugprade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...
This Week in Spring - December 5th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1 I really enjoyed this discussion with Spring Security...
This Week in Spring - November 14th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...
This Week in Spring - November 7th, 2023
Hi, Spring fans! Can you believe we've already turned the calendar page to November? Time sure is a swift developer, deploying months as if they were minor versions in an ever-evolving application. As we adjust our clocks to fall back, waving a reluctant goodbye to daylight savings time, the...
This Week in Spring - October 31st, 2023
Hi Spring fans, and Happy Halloween from the Spring team to those who celebrate! I hope your evening is fun and your day free of scary bugs! My friends, we've got some interesting stuff to look at this week so let's dive right into it. A Bootiful Podcast: Mr. Spring in Action, Craig Walls Spring...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...
A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...
This Week in Spring - October 17th, 2023
Hi, Spring fans! Welcome to yet another installment of This Week in Spring! It's October 17th, 2023, and I am here in Montreal, Canada, and then I'm off to Salt Lake City, Utah on Thursday for the Java User Group there. Don't miss it! We've got a lot to cover this week so let's dive right into it...
Apache Kafka’s Exactly-Once Semantics in Spring Cloud Stream Kafka Applications
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...
Transactional Rollback Strategies with Spring Cloud Stream and Apache Kafka
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications In th...
Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications In the previous part of this blog series, we saw the basics of transaction management, primarily when...
This Week in Spring - October 3rd, 2023
Hi Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I've just flown in from Singapore - where I was keynoting and presenting at SpringOne Singapore - and am now in Antwerp, Belgium for the deliriously fun Devoxx Belgium show. I've missed this show, and it's a...
Producer Initiated Transactions in Spring Cloud Stream Kafka Applications
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications This article is part 2 of the blog series in which we look at transactions in detail with Spring Cloud Stream and Apache Kafka. We saw a general introduction to transactions in the...