1711 matches found
Spring Framework 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that originates from a denial of service DoS by supplying a specially crafted Sp...
CVE-2023-20863
CVE-2023-20863 is a Spring Framework DoS issue. The vulnerability occurs when a user supplies a specially crafted SpEL expression, leading to denial of service. Affected are Spring Framework versions before 5.2.24, before 5.3.27, and before 6.0.8. IBM and other advisories corroborate the DoS risk...
springframework: DoS via data binding to multipartFile or servlet part
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
springframework: DoS with STOMP over WebSocket
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using specially created SpEL expressions...
GHSA-7PHW-CXX7-Q9VQ Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
DEBIAN-CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Security feature bypass
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
UBUNTU-CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Denial Of Service (DoS)
Spring Framework is vulnerable to Denial of Service DoS. The vulnerability is due to a lack of max repeated words and max number of character logic in the Spring Expression Language parser located in the getValueInternal function of OpMultiply and the getValueInternal function in OperatorMatches,...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Spring Framework 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Spring Framework versions 6.0.0 through 6.0.6 and 5.3.0 through 5.3.25, which stems from a schem...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...
Context Propagation with Project Reactor 1 - The Basics
This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Boot 3 and Spring Framework 6 brought us a unified and consistent way to enable Observability in applications that use Micrometer. The evolution from...
CVE-2023-20860
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...