750 matches found
CVE-2022-22979
CVE-2022-22979 affects Spring Cloud Function Framework (Function Catalog) where a caching issue can allow a denial-of-service condition when a user directly interacts with framework-provided lookup functionality. Affected versions include Spring Cloud Function Framework 4.1.x prior to 4.1.2 and 4...
Spring Cloud Security Vulnerability
Spring Cloud is a microservices framework implemented in Spring Boot by the Spring community. A security vulnerability exists in Spring Cloud Function versions prior to 3.2.6, which stems from a caching issue in the Function Catalog component and is exploited by an attacker to cause a denial of...
PT-2022-7238 · Unknown · Spring Cloud Function
Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions prior to 3.2.6. Description: The issue is related to a caching problem in the Function Catalog component, which can cause a denial-of-service condition when a user directly interacts with the framework's lookup...
Denial Of Service (DoS)
spring-cloud-function-context is vulnerable to denial of service. An attacker who directly interacts with the framework can send a malicious payload to the lookup function, triggering a caching issue in the Function Catalog component of the framework and crashing the application...
CVE report published for Spring Cloud Function
We have released Spring Cloud Function 3.2.6 to address the following CVE report. CVE-2022-22979: Spring Cloud Function Dos Vulnerability. Please review the information in the CVE report and upgrade immediately...
Spring Cloud Function Dos Vulnerability
In Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework provided lookup functionality to cause denial of service condition due to the caching issue in Function Catalog component of the framework. At the time of writin...
This Week in Spring - June 14th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just arrived in beautiful Berlin, Germany, for the forthcoming We Are Developers show with more than five thousand attendees. I was in Toronto, Canada, for the epic SpringOne Tour installment there. I've also had the...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...
This Week in Spring - June 7th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...
This Week in Spring - May 31st, 2022
Hi, Spring fans! And welcome to another installment of This Week in Spring! I've just returned from three wonderful weeks overseas and now, I'm pleased as punch to convey, that I'm home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-exp Reproduced the...
cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +333 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)
org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...
ai.hyacinth.framework:core-service-api-support (=0.5.24), ai.hyacinth.framework:core-service-trigger-server (=0.5.24) +96 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =2.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-openfeign-core and may be impacted: - ai.hyacinth.framework:core-service-api-suppo...
GHSA-PF94-6V2V-CM3J Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
PoC exploit for CVE-2022-22947, an arbitrary file upload vulnera...
This Week in Spring - May 17th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...