Lucene search
K

750 matches found

GithubExploit
GithubExploit
added 2022/08/23 6:38 a.m.255 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

It is an exploit module/toolkit targeting Apache Log4j. The targ...

10CVSS9.2AI score0.98253EPSS
Exploits54
VulnCheck KEV
VulnCheck KEV
added 2022/08/19 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-22963

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS7.8AI score0.99939EPSS
Exploits36References1
Spring Security Advisories
Spring Security Advisories
added 2022/08/16 7:0 a.m.37 views

This Week in Spring - August 16th, 2022

Hi, Spring fans! Welcome to another wonder-filled installment of This Week in Spring! Its been a week! Sometimes I can scarcely believe it myself. And can you believe its August 16th already?? My daughters starting school this week! Were in the northern hemisphere, and Summer break is already ove...

7.7AI score
Exploits0
GithubExploit
GithubExploit
added 2022/08/03 2:51 a.m.549 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Introduction to CVE-2022-22947 The Spring C...

10CVSS7.8AI score0.98253EPSS
Exploits54
Spring Security Advisories
Spring Security Advisories
added 2022/08/02 7:0 a.m.10 views

This Week in Spring - August 1st, 2022

Aloha, Spring fans! Welcome to another installment of This Week in Spring! Im still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this weeks latest roundup of all thats good and glorious in the wide and wonderful world of Springdom. Funny thing,...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/07/29 12:0 a.m.52 views

VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection

The version of Spring Cloud Gateway running on the remote host is affected by a code injection vulnerability. Applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request tha...

10CVSS8.6AI score0.98253EPSS
Exploits54References2
Tenable Nessus
Tenable Nessus
added 2022/07/29 12:0 a.m.62 views

VMware Spring Cloud Config 2.1 < 2.1.9 / 2.2 < 2.2.3 Directory Traversal

The version of Spring Cloud Config running on the remote host is affected by a directory traversal vulnerability. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the...

7.5CVSS7.1AI score0.95586EPSS
Exploits3References2
Spring Security Advisories
Spring Security Advisories
added 2022/07/26 7:0 a.m.28 views

This Week in Spring - July 26th, 2022

Aloha, Spring fans! Im on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that youre having a wonderful day! My family and I love Hawaii. Its brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/07/26 12:0 a.m.28 views

VMware Spring Cloud Gateway Installed

Binary data vmwarespringcloudgatewayinstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/07/26 12:0 a.m.29 views

VMware Spring Cloud Config Installed

Binary data vmwarespringcloudconfiginstalled.nbin...

7.3AI score
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2022/07/21 9:0 a.m.13 views

A Bootiful Podcast: Spring Cloud and Spring Cloud Kubernetes contributor Ryan Baxter

Hi, Spring fans! In this episode, Josh Long @starbuxman talks to a person who knows more than most about the awesome implications of both the words "Spring" and "Cloud," Spring Cloud Kubernetes lead Ryan Baxter @ryanjbaxter...

2.8AI score
Exploits0
GithubExploit
GithubExploit
added 2022/07/12 8:20 a.m.334 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Copied from Original: - ht...

10CVSS9.7AI score0.98253EPSS
Exploits54
vulnersOsv
vulnersOsv
added 2022/07/06 12:0 a.m.7 views

cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +1145 more potentially affected by CVE-2021-43116 via com.alibaba.nacos:nacos-client (>=0.1.0 <=2.0.3)

com.alibaba.nacos:nacos-client MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.2, =1.0.0, =1.2.1, =1.0.4.R, =2.4.0, =1.1, =1.1, =1.0.0.RELEASE, =0.0.2, =0.0.2, =0.0.4.BETA, =1.0.0, =2.1.0 and more Source cves: CVE-2021-43116 Source advisory: OSV:GHSA-2G86-R6W2-WQQR...

8.8CVSS7.2AI score0.0555EPSS
Exploits4
Spring Security Advisories
Spring Security Advisories
added 2022/07/05 9:0 a.m.20 views

This Week in Spring - July 5th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! This weeks all sorts of weird for me. Its Tuesday! But here in the US we just celebrated the 4th of July, and I, like many Americans, took a long weekend. Took some time with the family to do a little road trip up north to...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/06/22 12:0 a.m.23 views

Denial of Service in Spring Cloud Function

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5CVSS3.6AI score0.0127EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/06/21 3:15 p.m.22 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5CVSS0.0127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/21 3:15 p.m.5 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5CVSS6.7AI score0.0127EPSS
Exploits0References2
OSV
OSV
added 2022/06/21 3:15 p.m.17 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5CVSS7.4AI score0.0127EPSS
Exploits0References1
Prion
Prion
added 2022/06/21 3:15 p.m.20 views

Race condition

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

5CVSS7.4AI score0.0127EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/21 2:23 p.m.32 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

8.1AI score0.0127EPSS
Exploits0References1
Rows per page
Query Builder