165 matches found
GHSA-9CMQ-M9J5-MVWW Spring Framework vulnerable to Denial of Service
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected. Specifically, an...
UBUNTU-CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true:...
CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true:...
Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 5.3.0 through 5.3.38, which stems from the possibility that a user may supp...
OSV-2024-1018 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67071 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa...
OSV-2024-930 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70893 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl.hashCode...
VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Linux
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2024-7271 · Spring +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.38; Spring Framework older unsupported versions. Description: The issue is related to the Spring Expression Language (SpEL) in Spring Framework. It is possible for a user to provide a specially crafted...
DataGear Security Breach
DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...
OSV-2024-335 Security exception in org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67978 Crash type: Security exception Crash state: org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp java.base/java.nio.charset.CharsetEncoder.replaceWith java.base/java.nio.charset.CharsetEncoder...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3622)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3622 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...
VulnCheck KEV: CVE-2024-28254
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
OpenMetadata Security Vulnerabilities
OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.3.1 that stems from a SpEL injection vulnerability in PUT...
OpenMetadata Security Vulnerabilities
OpenMetadata is an open source unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4, which stems from a SpEL injection...
OpenMetadata Security Vulnerabilities
OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4 that stems from a SpEL injection vulnerability in PUT...
PT-2024-3066 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4 Description: The issue is related to the CompiledRule::validateExpression method, which evaluates an SpEL expression using a StandardEvaluationContext. This allows the expression to interact with Java...