CVE-2020-17521 – groovy: OS temporary directory leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-17521
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. • https://groovy-lang.org/security.html#CVE-2020-17521 https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E https://security.netapp.com/advisory/ntap-20201218-0006 https://www.oracle.com//security-alerts/cpujul2021.html https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante el uso de un parámetro de ruta jsessionid In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. • https://github.com/pandaMingx/CVE-2020-5421 https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.or •
CVE-2020-11612 – netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
https://notcve.org/view.php?id=CVE-2020-11612
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignación de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podría enviar una secuencia de bytes de ZlibEncoded grande hacia el servidor de Netty, forzando al servidor a asignar toda su memoria liberada a un único decodificador. A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. • https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final https://github.com/netty/netty/issues/6168 https://github.com/netty/netty/pull/9924 https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache. • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-5397 – CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
https://notcve.org/view.php?id=CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework, versiones 5.2.x anteriores a 5.2.3 son vulnerables a los ataques de tipo CSRF por medio de peticiones de verificación previa CORS que van dirigidas a los endpoints Spring MVC (módulo spring-webmvc) o Spring WebFlux (módulo spring-webflux). • https://pivotal.io/security/cve-2020-5397 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. • http://www.securityfocus.com/bid/105703 https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/ • CWE-20: Improper Input Validation •