750 matches found
CVE-2021-37694 Code injection issue for java-spring-cloud-stream-template
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...
Java Spring Cloud Stream template code injection vulnerability
The Java Spring Cloud Stream template is a template for the AsyncAPI generator. A code injection vulnerability exists in Java Spring Cloud Stream template prior to version 0.7.0 for generating SpringCloudStream SCSt microservices, which can be exploited by an attacker to take control of an AsyncA...
Incorrect Authorization in Spring Cloud Netflix Zuul
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-gateway-conf (=3.1.0.RELEASE) +78 more potentially affected by CVE-2021-22113 via org.springframework.cloud:spring-cloud-netflix-zuul (>=2.0.0.RELEASE <=2.2.6.RELEASE)
org.springframework.cloud:spring-cloud-netflix-zuul MAVEN version =2.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =D.0.1.0-Beta-3 and more Source cves: CVE-2021-22113 Source advisory: OSV:GHSA-VWPG-F6GW-RJVF https://vulners.com/osv/OSV:GHSA-VWPG-F6GW-RJVF...
cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +436 more potentially affected by CVE-2021-29441 +1 more via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.0)
com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.0, =1.1, =1.1, =0.0.2, =0.0.2, =1.0.8, =1.4.0, =2021.6.0 - cn.iisme.cloud:iisme-demos-nacos-core =1.0.1 - cn.iisme.cloud:iisme-demos-nacos-web =1.0.1 - cn.iisme.cloud:iisme-gateway-nacos =1.0.1 -...
The vulnerabilities of Azure Container Instance, Azure Service Fabric, Azure Kubernetes Service, Azure Container Registry, and Azure Spring Cloud involve a lack of protection for service data, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of Azure Container Instance, Azure Service Fabric, Azure Kubernetes Service, Azure Container Registry, and Azure Spring Cloud are related to the lack of protection for service data. Exploiting these vulnerabilities can allow an attacker operating remotely to gain unauthorized...
PT-2021-2279 · Microsoft · Azure Container Instance +5
Name of the Vulnerable Software and Affected Versions: Azure Virtual Machine versions: affected versions not specified; Azure Container Instance versions: affected versions not specified; Azure Service Fabric versions: affected versions not specified; Azure Kubernetes Service versions: affected versions...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
Design/Logic Flaw
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
CVE-2021-22113
The CVE-2021-22113 entry concerns Spring Cloud Netflix Zuul 2.2.6.RELEASE and earlier, where the Sensitive Headers functionality can be bypassed by specially constructed URLs. The Red Hat and GN documents corroborate that Zuul’s handling of sensitive headers is vulnerable, potentially allowing an...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
VMware Spring Cloud Security Vulnerability
VMware Spring Cloud Config is a set of configuration management solutions for distributed systems from VMware. The product focuses on providing server and client support for external configuration in distributed systems. Spring Cloud Netflix Zuul 2.2.6.RELEASE A security vulnerability exists in t...
SQL Injection
spring-cloud-task-core is vulnerable to SQL injection. Lack of validation of the value that is passed via a PageRequest into the JdbcTaskExecutionDao potentially allows for execution of arbitrary SQL statements...
CVE-2020-5427
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5428
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
CVE-2020-5427
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
SQL injection
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
SQL injection
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
CVE-2020-5428 Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...