
CVE-2023-34050 – Spring AMQP Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2023-34050
19 Oct 2023 — In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originat... • https://github.com/X1r0z/spring-amqp-deserialization • CWE-502: Deserialization of Untrusted Data •

CVE-2023-34047 – Exposure of data and identity to wrong session in Spring for GraphQL
https://notcve.org/view.php?id=CVE-2023-34047
20 Sep 2023 — A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to the GraphQL context with values, including val... • https://spring.io/security/cve-2023-34047 •

CVE-2023-34040 – Java Deserialization vulnerability in Spring-Kafka When Improperly Configured
https://notcve.org/view.php?id=CVE-2023-34040
24 Aug 2023 — In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container p... • https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040 • CWE-502: Deserialization of Untrusted Data •

CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
19 Jul 2023 — Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of func... • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •

CVE-2023-34035
https://notcve.org/view.php?id=CVE-2023-34035
18 Jul 2023 — Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Securi... • https://github.com/mouadk/CVE-2023-34035-Poc • CWE-863: Incorrect Authorization •

CVE-2023-34036 – Forwarded header exploit with Spring HATEOAS on WebFlux
https://notcve.org/view.php?id=CVE-2023-34036
17 Jul 2023 — Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring W... • https://spring.io/security/cve-2023-34036 • CWE-116: Improper Encoding or Escaping of Output CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2023-20883 – spring-boot: Spring Boot Welcome Page DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20883
26 May 2023 — In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the applicat... • https://security.netapp.com/advisory/ntap-20230703-0008 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-20873 – spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
https://notcve.org/view.php?id=CVE-2023-20873
20 Apr 2023 — In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. A flaw was found in Spring Boot. It specifically affects the 'spring-boot-actuator-autoconfigure' package. • https://security.netapp.com/advisory/ntap-20230601-0009 • CWE-284: Improper Access Control •

CVE-2023-20862 – spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout
https://notcve.org/view.php?id=CVE-2023-20862
19 Apr 2023 — In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to ... • https://security.netapp.com/advisory/ntap-20230526-0002 • CWE-459: Incomplete Cleanup •

CVE-2023-20863 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20863
13 Apr 2023 — In Spring Framework versions prior to 5.2.24, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server. This release of Camel for Spring Boot 3.20.1 serv... • https://security.netapp.com/advisory/ntap-20240524-0015 • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •