Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSV
OSVadded 2018/05/11 8:29 p.m.1 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.01176EPSS
Exploits0References1
Prion
Prionadded 2018/04/06 1:29 p.m.28 views

Remote code execution

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

7.5CVSS9.5AI score0.89352EPSS
Exploits5References16Affected Software28
Veracode
Veracodeadded 2018/04/06 1:7 a.m.36 views

Remote Code Execution (RCE)

spring-messaging is susceptible to remote code execution RCE attack. The vulnerability exists through the simple STOMP broker that exposes a weakness to malicious users who can perform a RCE attack through the STORM payload...

9.8CVSS9.5AI score0.89352EPSS
Exploits5References23Affected Software1
Rows per page
Query Builder