
750 matches found

CVE
added 2022/06/21 2:23 p.m. · 113 views

CVE-2022-22979

CVE-2022-22979 affects Spring Cloud Function Framework (Function Catalog) where a caching issue can allow a denial-of-service condition when a user directly interacts with framework-provided lookup functionality. Affected versions include Spring Cloud Function Framework 4.1.x prior to 4.1.2 and 4...

CVSS 7.5 · AI score 7.3 · EPSS 0.0127
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/06/21 12:0 a.m. · 3 views

Spring Cloud Security Vulnerability

Spring Cloud is a microservices framework implemented in Spring Boot by the Spring community. A security vulnerability exists in Spring Cloud Function versions prior to 3.2.6, which stems from a caching issue in the Function Catalog component and is exploited by an attacker to cause a denial of...

CVSS 7.5 · AI score 6.7 · EPSS 0.0127
Exploits: 0 · References: 3

Positive Technologies
added 2022/06/21 12:0 a.m. · 3 views

PT-2022-7238 · Unknown · Spring Cloud Function

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions prior to 3.2.6 Description: The issue is related to a caching problem in the Function Catalog component, which can cause a denial-of-service condition when a user directly interacts with the framework's lookup...

CVSS 8.2 · AI score 7.2 · EPSS 0.0127
Exploits: 0 · References: 16

Veracode
added 2022/06/16 4:24 a.m. · 28 views

Denial Of Service (DoS)

spring-cloud-function-context is vulnerable to denial of service. An attacker who directly interacts with the framework can send a malicious payload to the lookup function, triggering a caching issue in the Function Catalog component of the framework and crashing the application...

CVSS 7.5 · AI score 7.3 · EPSS 0.0127
Exploits: 0 · References: 3 · Affected Software: 1

Spring Security Advisories
added 2022/06/16 12:8 a.m. · 23 views

CVE report published for Spring Cloud Function

We have released Spring Cloud Function 3.2.6 to address the following CVE report. CVE-2022-22979: Spring Cloud Function Dos Vulnerability. Please review the information in the CVE report and upgrade immediately...

CVSS 5 · AI score 2.3 · EPSS 0.0127
Exploits: 0

Spring Security Advisories
added 2022/06/15 12:0 a.m. · 6 views

Spring Cloud Function Dos Vulnerability

In Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework-provided lookup functionality to cause a denial of service condition due to the caching issue in the Function Catalog component of the framework. At the time of writin...

CVSS 7.5 · AI score 6.6 · EPSS 0.0127
Exploits: 0 · References: 3

Spring Security Advisories
added 2022/06/14 7:0 a.m. · 25 views

This Week in Spring - June 14th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just arrived in beautiful Berlin, Germany, for the forthcoming We Are Developers show with more than five thousand attendees. I was in Toronto, Canada, for the epic SpringOne Tour installment there. I've also had the...

AI score 7.4
Exploits: 0

GithubExploit
added 2022/06/08 9:52 a.m. · 428 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...

CVSS 10 · AI score 7.9 · EPSS 0.98253
Exploits: 54

GithubExploit
added 2022/06/08 9:52 a.m. · 377 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...

CVSS 10 · AI score 7.9 · EPSS 0.98253
Exploits: 54

Spring Security Advisories
added 2022/06/07 12:0 p.m. · 23 views

This Week in Spring - June 7th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...

AI score 0.5
Exploits: 0

Spring Security Advisories
added 2022/05/31 7:0 p.m. · 23 views

This Week in Spring - May 31st, 2022

Hi, Spring fans! And welcome to another installment of This Week in Spring! I've just returned from three wonderful weeks overseas and now, I'm pleased as punch to convey, that I'm home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...

AI score 7.1
Exploits: 0

ThreatPost
added 2022/05/31 12:24 p.m. · 120 views

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits: 472 · References: 16

GithubExploit
added 2022/05/29 1:7 a.m. · 486 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-exp Reproduced the...

CVSS 10 · AI score 7.1 · EPSS 0.98253
Exploits: 54

GithubExploit
added 2022/05/29 1:7 a.m. · 302 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-exp Reproduced the...

CVSS 10 · AI score 7.1 · EPSS 0.98253
Exploits: 54

vulnersOsv
added 2022/05/24 7:19 p.m. · 5 views

cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +333 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...

CVSS 7.5 · AI score 7.1 · EPSS 0.01065
Exploits: 0

vulnersOsv
added 2022/05/24 7:19 p.m. · 6 views

ai.hyacinth.framework:core-service-api-support (=0.5.24), ai.hyacinth.framework:core-service-trigger-server (=0.5.24) +96 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (=2.2.0.RELEASE)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =2.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-openfeign-core and may be impacted: - ai.hyacinth.framework:core-service-api-suppo...

CVSS 7.5 · AI score 7.1 · EPSS 0.01065
Exploits: 0

OSV
added 2022/05/24 7:19 p.m. · 3 views

GHSA-PF94-6V2V-CM3J Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS 7.5 · AI score 5.8 · EPSS 0.01065
Exploits: 0 · References: 2

Github Security Blog
added 2022/05/24 7:19 p.m. · 28 views

Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS 7.5 · AI score 2.8 · EPSS 0.01065
Exploits: 0 · References: 3 · Affected Software: 1

GithubExploit
added 2022/05/19 2:58 p.m. · 364 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

PoC exploit for CVE-2022-22947, an arbitrary file upload vulnera...

CVSS 10 · AI score 9.5 · EPSS 0.98253
Exploits: 54

Spring Security Advisories
added 2022/05/17 11:5 p.m. · 33 views

This Week in Spring - May 17th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...

AI score 7.2
Exploits: 0