Lucene search
K

7329 matches found

Github Security Blog
Github Security Blog
added 2018/10/17 8:7 p.m.49 views

Path Traversal in org.springframework:spring-core

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

5.9CVSS3.5AI score0.35681EPSS
Exploits1References21Affected Software1
OSV
OSV
added 2018/10/17 8:7 p.m.78 views

GHSA-G8HW-794C-4J9G Path Traversal in org.springframework:spring-core

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

5.9CVSS7.3AI score0.35681EPSS
Exploits1References21
vulnersOsv
vulnersOsv
added 2018/10/17 8:5 p.m.4 views

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

9.8CVSS7.1AI score0.77245EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2018/10/17 8:5 p.m.7 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

9.8CVSS7.1AI score0.77245EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2018/10/17 8:5 p.m.63 views

Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20Affected Software1
OSV
OSV
added 2018/10/17 8:5 p.m.291 views

GHSA-P5HG-3XM3-GCJG Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20
vulnersOsv
vulnersOsv
added 2018/10/17 8:5 p.m.5 views

ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +1037 more potentially affected by CVE-2018-1258 via org.springframework:spring-core (=5.0.5.RELEASE)

org.springframework:spring-core MAVEN version =5.0.5.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - ai.dev-tools:ai-devtools =0.1.12, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3.RELEASE,...

8.8CVSS6.8AI score0.02427EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 8:5 p.m.71 views

Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8CVSS3.6AI score0.02427EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2018/10/17 8:5 p.m.31 views

GHSA-CXRJ-66C5-9FMH Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8CVSS9.1AI score0.02427EPSS
Exploits0References20
vulnersOsv
vulnersOsv
added 2018/10/17 8:2 p.m.7 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +21320 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=1.2 <=4.3.16.RELEASE)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.6, =0.1.4-SB1X, =0.1.0, =4.2.1, =4.4.1, =0.1.0, =1.0, =5.0.9, =5.1.0 and more Source cves: CVE-2018-1257 Source advisory: OSV:GHSA-RCPF-VJ53-7H2M...

6.5CVSS6.7AI score0.03279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:2 p.m.5 views

ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +3662 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.5.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =0.1.12, =1.0.0, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE and more Source cves...

6.5CVSS6.7AI score0.03279EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 8:2 p.m.65 views

Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS5.4AI score0.03279EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2018/10/17 8:2 p.m.30 views

GHSA-RCPF-VJ53-7H2M Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.6AI score0.03279EPSS
Exploits0References16
vulnersOsv
vulnersOsv
added 2018/10/17 8:1 p.m.5 views

am.ik.blog:blog-domain (>=4.2.1 <=4.3.6), am.ik.blog:blog-mapper (>=4.4.1 <=4.5.0) +4431 more potentially affected by CVE-2018-1199 via org.springframework:spring-core (>=4.3.0.RELEASE <=4.3.13.RELEASE)

org.springframework:spring-core MAVEN version =4.3.0.RELEASE, =4.2.1, =4.4.1, =1.0.0.RELEASE, =1.0.0, =1.0.2, =1.6, =1.6, =1.6, =1.0.10, =0.2.13, =0.2.13, =0.2.13, =0.2.13, =0.2.28 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...

5.3CVSS6.7AI score0.02857EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:1 p.m.7 views

am.ik.home:uaa-client (>=1.0.0 <=1.2.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.2.0) +690 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.1.0.RELEASE <=4.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.1.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.0.7.OSS, =1.0.7.OSS, =3.0.1.3, =3.0.0, =3.0.1.2, =3.0.1.11 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...

5.3CVSS6.7AI score0.02857EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:1 p.m.4 views

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +2353 more potentially affected by CVE-2018-1199 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.2.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =1.0.3.RELEASE,...

5.3CVSS6.7AI score0.02857EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:1 p.m.4 views

am.ik.home:uaa-client (>=1.3.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.3.0 <=1.9.0) +1654 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.3.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =1.1.1, =1.12.0 and more Source cves: CVE-2018-1199 Source advisory: OSV:GHSA-V596-FWHQ-8X48...

5.3CVSS6.6AI score0.02857EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:1 p.m.6 views

ch.rasc:wamp2spring-security (=1.0.0), com.github.henkexbg:gallery-api (=0.3.0) +58 more potentially affected by CVE-2018-1199 via org.springframework.security:spring-security-core (=5.0.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - ch.rasc:wamp2spring-security =1.0.0 -...

5.3CVSS6.7AI score0.02857EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 8:1 p.m.45 views

Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS1.6AI score0.02857EPSS
Exploits0References14Affected Software2
OSV
OSV
added 2018/10/17 8:1 p.m.40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS5.3AI score0.02857EPSS
Exploits0References14
Rows per page
Query Builder