Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): spring
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-43191 |
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-43192 |
SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. Published: September 27, 2023; 6:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-34047 |
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. Published: September 20, 2023; 6:15:14 AM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-40788 |
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs Published: September 18, 2023; 8:15:34 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-40787 |
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. Published: August 29, 2023; 9:15:53 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-34040 |
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. Published: August 24, 2023; 9:15:07 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-39106 |
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Published: August 21, 2023; 1:15:48 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-38493 |
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. Published: July 25, 2023; 5:15:10 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-34034 |
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. Published: July 19, 2023; 11:15:11 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-34035 |
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints Published: July 18, 2023; 12:15:11 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-34036 |
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers. Published: July 17, 2023; 7:15:09 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-38286 |
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI. Published: July 14, 2023; 1:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-45855 |
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. Published: July 12, 2023; 6:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-42009 |
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. Published: July 12, 2023; 6:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20883 |
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. Published: May 26, 2023; 1:15:14 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-29986 |
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. Published: May 10, 2023; 10:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-20873 |
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. Published: April 20, 2023; 5:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20862 |
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. Published: April 19, 2023; 4:15:10 PM -0400 |
V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2023-20866 |
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. Published: April 13, 2023; 4:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-20863 |
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Published: April 13, 2023; 4:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |