750 matches found
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
It is an exploit module/toolkit targeting Apache Log4j. The targ...
VulnCheck KEV: CVE-2022-22963
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...
This Week in Spring - August 16th, 2022
Hi, Spring fans! Welcome to another wonder-filled installment of This Week in Spring! It's been a week! Sometimes I can scarcely believe it myself. And can you believe it's August 16th already?? My daughter's starting school this week! We're in the northern hemisphere, and Summer break is already ove...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Introduction to CVE-2022-22947 The Spring C...
This Week in Spring - August 1st, 2022
Aloha, Spring fans! Welcome to another installment of This Week in Spring! I'm still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this week's latest roundup of all that's good and glorious in the wide and wonderful world of Springdom. Funny thing,...
VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection
The version of Spring Cloud Gateway running on the remote host is affected by a code injection vulnerability. Applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request tha...
VMware Spring Cloud Config 2.1 < 2.1.9 / 2.2 < 2.2.3 Directory Traversal
The version of Spring Cloud Config running on the remote host is affected by a directory traversal vulnerability. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the...
This Week in Spring - July 26th, 2022
Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...
VMware Spring Cloud Gateway Installed
Binary data vmwarespringcloudgatewayinstalled.nbin...
VMware Spring Cloud Config Installed
Binary data vmwarespringcloudconfiginstalled.nbin...
A Bootiful Podcast: Spring Cloud and Spring Cloud Kubernetes contributor Ryan Baxter
Hi, Spring fans! In this episode, Josh Long @starbuxman talks to a person who knows more than most about the awesome implications of both the words "Spring" and "Cloud," Spring Cloud Kubernetes lead Ryan Baxter @ryanjbaxter...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
Copied from Original: - ht...
cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +1145 more potentially affected by CVE-2021-43116 via com.alibaba.nacos:nacos-client (>=0.1.0 <=2.0.3)
com.alibaba.nacos:nacos-client MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.2, =1.0.0, =1.2.1, =1.0.4.R, =2.4.0, =1.1, =1.1, =1.0.0.RELEASE, =0.0.2, =0.0.2, =0.0.4.BETA, =1.0.0, =2.1.0 and more Source cves: CVE-2021-43116 Source advisory: OSV:GHSA-2G86-R6W2-WQQR...
This Week in Spring - July 5th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's all sorts of weird for me. It's Tuesday! But here in the US we just celebrated the 4th of July, and I, like many Americans, took a long weekend. Took some time with the family to do a little road trip up north to...
Denial of Service in Spring Cloud Function
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
Race condition
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...