1854 matches found

GithubExploit
added 2022/03/30 3:50 p.m., 1 views

SpringCore0day

Information https://spring.io/blog/2022/03/31/spring-framewor...

7.1 AI score
Exploits: 0

IBM Security Bulletins
added 2022/03/30 3:21 p.m., 35 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation...

4.3 CVSS, 4.9 AI score, 0.00176 EPSS
Exploits: 0, Affected Software: 1

GithubExploit
added 2022/03/30 2:35 p.m., 455 views

Exploit for Code Injection in Vmware Spring_Framework

This is a PoC exploit for CVE-2022-22965, a remote code executio...

9.8 CVSS, 9.3 AI score, 0.94439 EPSS
Exploits: 100

GithubExploit
added 2022/03/30 7:54 a.m., 414 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell-POC CVE-2022-22965 !Spring4Shellspring4shel...

9.8 CVSS, 8.7 AI score, 0.94439 EPSS
Exploits: 100

CNVD
added 2022/03/30 12:0 a.m., 17 views

Vmware Spring Framework Denial of Service Vulnerability

Vmware Spring Framework is a set of open source Java, JavaEE application framework from Vmware USA. The framework helps developers build high-quality applications. Vmware Spring Framework has a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service via a...

6.5 CVSS, 3.6 AI score, 0.02461 EPSS
Exploits: 0, References: 1

CNNVD
added 2022/03/30 12:0 a.m., 7 views

Spring Framework Code Injection Vulnerability

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A code injection vulnerability exists in Spring Framework that stems from the RCE for data binding on JDK 9+. The following products...

9.8 CVSS, 7.7 AI score, 0.94439 EPSS
Exploits: 100, References: 41

RedHat Linux
added 2022/03/29 1:16 p.m., 1 views

springframework: malicious input leads to insertion of additional log entries

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3 CVSS, 6.8 AI score, 0.00221 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2022/03/29 1:0 p.m., 1 views

springframework: malicious input leads to insertion of additional log entries

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3 CVSS, 6.8 AI score, 0.00221 EPSS
Exploits: 0, References: 4

Spring Engineering
added 2022/03/29 7:0 a.m., 16 views

This Week in Spring - March 29th, 2022

Aloha, Spring fans, from beautiful Maui, Hawaii, where I am with my family on a bit of vacation. It's our daughter's Spring break and so we're enjoying the family time while we can get it! I wanted to take a brief interlude in between the never-enough time on the beach and all the rum to get this...

7.1 AI score
Exploits: 0

CNNVD
added 2022/03/29 12:0 a.m., 4 views

Spring Framework Code Injection Vulnerability

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A code injection vulnerability exists in Spring Framework. No information about the vulnerability is available at this time, please...

9.8 CVSS, 8.4 AI score, 0.94462 EPSS
Exploits: 36, References: 22

RedhatCVE
added 2022/03/28 9:7 p.m., 259 views

CVE-2022-22950

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

7.5 CVSS, 3.8 AI score, 0.02461 EPSS
Exploits: 0, References: 3

Spring Engineering
added 2022/03/28 2:11 p.m., 16 views

An update on Java 17+ adoption

As a follow-up to my blog post from last year's SpringOne, it is time for an update on our Java 17+ baseline efforts! We established the new baseline on our main branches, with a few milestones out already. The feedback has been very positive, not only in terms of framework improvements but also i...

0.5 AI score
Exploits: 0

Spring Engineering
added 2022/03/28 8:0 a.m., 152 views

CVE report published for Spring Framework

We have released Spring Framework 5.3.17 and Spring Framework 5.2.20 to address the following CVE report. CVE-2022-22950: Spring Expression DoS Vulnerability Please review the information in the CVE report and upgrade immediately. Spring Boot users should upgrade to 2.5.11 or 2.6.5...

4 CVSS, 3.3 AI score, 0.02461 EPSS
Exploits: 0

CNNVD
added 2022/03/28 12:0 a.m., 3 views

Vmware Spring Framework Security Vulnerability

Vmware Spring Framework is a set of open source Java, JavaEE application framework from Vmware USA. The framework helps developers build high-quality applications. Vmware Spring Framework has a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service via a...

6.5 CVSS, 8.2 AI score, 0.02461 EPSS
Exploits: 0, References: 17

IBM Security Bulletins
added 2022/03/23 2:33 a.m., 35 views

Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator

Summary Spring Framework is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-22060 by upgrading addressable to latest version. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

4.3 CVSS, 5.2 AI score, 0.00176 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE
added 2022/02/17 4:30 a.m., 75 views

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3 CVSS, 3.5 AI score, 0.00221 EPSS
Exploits: 0, References: 3

OSV
added 2022/02/09 10:3 p.m., 2 views

GHSA-V98J-7CRC-WVRJ Authentication bypass in Apache Shiro

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

9.8 CVSS, 5.8 AI score, 0.88767 EPSS
Exploits: 2, References: 12

Github Security Blog
added 2022/02/02 12:4 a.m., 80 views

pgjdbc Does Not Check Class Instantiation when providing Plugin Classes

Impact pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...

9.8 CVSS, 4.6 AI score, 0.03141 EPSS
Exploits: 1, References: 8, Affected Software: 1

IBM Security Bulletins
added 2022/01/14 12:14 p.m., 40 views

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-22096)

Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed the vulnerability. Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a...

4.3 CVSS, 5.6 AI score, 0.00221 EPSS
Exploits: 0, Affected Software: 1

Github Security Blog
added 2022/01/12 11:4 p.m., 68 views

Log entry injection in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3 CVSS, 3.2 AI score, 0.00176 EPSS
Exploits: 0, References: 4, Affected Software: 1