EUVD-2022-4886

Malicious code in bioql PyPI...

Malicious code in oauth-web-flow (npm)

The package oauth-web-flow was found to contain malicious code...

MAL-2025-28021 Malicious code in oauth-web-flow (npm)

The package oauth-web-flow was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2017-8039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

Linux Distros Unpatched Vulnerability : CVE-2017-4971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Unsafe deserialization due to incomplete black list incomplete fix for CVE-2017-15095...

RHEL 7 : spring-webflow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-8039 - An issue was...

This Week in Spring - April 4th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin? Me, I'm exhausted! It's been quite the odyssey trying to get to Devnexus, but I made it, eventually! If you're at Devnexus, check out this roundup of interesting and awesome talks from the Spring team and...

Spring Web Flow 3.0 M1 Released

It has been almost 4 years since the last set of Spring Web Flow releases. Nevertheless, the project continues to serve a specific need particularly well, arguably better than alternatives, and remains in active use. While there hasnt been a strong driver for new releases, the upcoming Spring...

Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

GHSA-Q4V9-QJMW-J7VF Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

GHSA-FG9W-CFFM-PMH2 Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

Design/Logic Flaw

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVE-2021-41598 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

Authorization

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVE-2021-22866

The CVE describes a UI misrepresentation in GitHub Enterprise Server’s GitHub App authorization flow. A user could grant more permissions than shown if the App had additional user-level permissions added after initial approval, by revisiting the authorization flow. Affected products/versions: Git...

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-8039 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected security, caused by an error related to applications that do not change the value of the...