19 matches found

Spring Engineering
added 2026/03/12 12:0 a.m. | 4 views

A Bootiful Podcast: Spring Messaging Legend Soby Chacko

Hi, Spring fans! In this installment, we talk with the legendary Soby Chacko about Apache Kafka, Spring AI, and much more! apachekafka kafka...

AI score: 5.8
Exploits: 0

SUSE CVE
added 2023/02/15 4:34 a.m. | 3 views

SUSE CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.89954
Exploits: 5 | References: 2

Veracode
added 2022/05/13 7:20 a.m. | 39 views

Denial Of Service (DoS)

spring-messaging is vulnerable to denial of service. The vulnerability exists because the handleMessageInternal function of SimpleBrokerMessageHandler.java does not properly ignore invalid STOMP frames, allowing an attacker to cause an application crash through the WebSocket endpoin...

CVSS: 6.5 | AI score: 2.6 | EPSS: 0.00247
Exploits: 0 | References: 8 | Affected Software: 2

vulnersOsv
added 2022/05/13 12:0 a.m. | 2 views

ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.21), at.chrl:chrl-jms (=1.1.0) +3935 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=5.2.21.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.5.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00247
Exploits: 0

vulnersOsv
added 2022/05/13 12:0 a.m. | 1 views

ai.superstream:spring-kafka (>=2.8.4-alpha1 <=2.8.4-alpha6), biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.5) +1894 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=5.3.0 <=5.3.2)

org.springframework:spring-messaging MAVEN version =5.3.0, =2.8.4-alpha1, =1.0.1, =0.0.1-alpha, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =5.6.5, =5.6.5, =5.5.7, =5.6.5, =5.5.7, =5.5.7, =5.5.7, =6.0.5 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00247
Exploits: 0

RedHat Linux
added 2018/12/04 4:0 p.m. | 2 views

spring-framework: ReDoS Attack with spring-messaging

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.01176
Exploits: 0 | References: 4

vulnersOsv
added 2018/10/17 8:28 p.m. | 3 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.38064
Exploits: 0

vulnersOsv
added 2018/10/17 8:28 p.m. | 3 views

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.38064
Exploits: 0

vulnersOsv
added 2018/10/17 8:5 p.m. | 2 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.89954
Exploits: 5

vulnersOsv
added 2018/10/17 8:5 p.m. | 0 views

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.89954
Exploits: 5

Github Security Blog
added 2018/10/17 8:2 p.m. | 60 views

Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.01176
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
added 2018/05/10 7:2 a.m. | 25 views

Regular Expression Denial Of Service (ReDoS)

spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.01176
Exploits: 0 | References: 12 | Affected Software: 1

CNVD
added 2018/04/12 12:0 a.m. | 3 views

Spring Framework Spring-messaging Remote Code Execution Vulnerability

Spring Framework is an open source Java and Java EE application framework from U.S.-based Pivotal Software. The framework helps developers build high-quality applications. A remote code execution vulnerability exists in Spring Framework Spring-messaging. An attacker can exploit the vulnerability to...

CVSS: 9.8 | AI score: 8 | EPSS: 0.89954
Exploits: 5 | References: 1

UbuntuCve
added 2018/04/11 1:29 p.m. | 35 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.38064
Exploits: 0 | References: 3

CNVD
added 2018/04/10 12:0 a.m. | 3 views

Remote Code Execution Vulnerability in Spring Framework spring-messaging Module

Spring Framework is an open source Java and Java EE application framework from United States-based Pivotal Software. The framework helps developers build high-quality applications. A remote code execution vulnerability exists in the Spring Framework spring-messaging module. An attacker can exploit t...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.89954
Exploits: 5 | References: 1

GithubExploit
added 2018/04/07 12:14 a.m. | 7 views

Exploit for Code Injection in Vmware Spring_Framework

PoC exploit for CVE-2018-1270, a Spring messaging STOMP protocol...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.89954
Exploits: 5

UbuntuCve
added 2018/04/06 1:29 p.m. | 58 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.89954
Exploits: 5 | References: 3

OSV
added 2018/04/06 1:29 p.m. | 2 views

DEBIAN-CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS: 9.8 | AI score: 9 | EPSS: 0.89954
Exploits: 5 | References: 1

Veracode
added 2018/04/06 1:7 a.m. | 36 views

Remote Code Execution (RCE)

spring-messaging is susceptible to remote code execution (RCE) attacks. The vulnerability exists in the simple STOMP broker, which exposes a weakness to malicious users who can perform an RCE attack through the STOMP payload...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.89954
Exploits: 5 | References: 23 | Affected Software: 1