Lucene search
K

6 matches found

OSV
OSV
added 2018/10/17 8:2 p.m.30 views

GHSA-RCPF-VJ53-7H2M Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.6AI score0.03279EPSS
Exploits0References16
OSV
OSV
added 2018/05/11 8:29 p.m.3 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.03279EPSS
Exploits0References1
Veracode
Veracode
added 2018/05/10 7:2 a.m.28 views

Regular Expression Denial Of Service (ReDoS)

spring-messaging is vulnerable to regular expression denial of service ReDoS attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS...

6.5CVSS7.5AI score0.03279EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2018/04/06 1:29 p.m.31 views

Remote code execution

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

7.5CVSS9.5AI score0.77245EPSS
Exploits5References16Affected Software28
Veracode
Veracode
added 2018/04/06 1:7 a.m.38 views

Remote Code Execution (RCE)

spring-messaging is susceptible to remote code execution RCE attack. The vulnerability exists through the simple STOMP broker that exposes a weakness to malicious users who can perform a RCE attack through the STORM payload...

9.8CVSS9.5AI score0.77245EPSS
Exploits5References23Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2018/04/05 12:0 a.m.6 views

Remote Code Execution with spring-messaging

Spring Framework, versions 5.0.x prior to 5.0.5 and versions 4.3.x prior to 4.3.16, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a messag...

9.8CVSS8.6AI score0.77245EPSS
Exploits5References2
Rows per page
Query Builder