CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20861 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20861
23 Mar 2023 — In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS). Red Hat support for Spring Boot provides an application platform that reduces the complexity of develop... • https://security.netapp.com/advisory/ntap-20230420-0007 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22602 – Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request
https://notcve.org/view.php?id=CVE-2023-22602
14 Jan 2023 — When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` Cuando se utiliza Apache Shiro ante... • https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl • CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 2CVE-2022-31691
https://notcve.org/view.php?id=CVE-2022-31691
04 Nov 2022 — Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. Spring Tools 4 para Eclipse versión 4.16.0 y siguientes, así como extensiones VSCode com... • https://github.com/SpindleSec/CVE-2022-31691 •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31690 – spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
https://notcve.org/view.php?id=CVE-2022-31690
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Sect... • https://security.netapp.com/advisory/ntap-20221215-0010 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 7%CPEs: 4EXPL: 3CVE-2022-31692 – spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
https://notcve.org/view.php?id=CVE-2022-31692
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forwar... • https://github.com/SpindleSec/cve-2022-31692 • CWE-863: Incorrect Authorization •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31679
https://notcve.org/view.php?id=CVE-2022-31679
21 Sep 2022 — Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. Las aplicaciones que permiten el acceso HTTP PATCH a los recursos expuestos por Spring Data REST en versiones 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, y las versiones más antiguas no soportadas, si un atacante conoce la estruc... • https://tanzu.vmware.com/security/cve-2022-31679 •
CVSS: 9.8EPSS: 84%CPEs: 2EXPL: 6CVE-2022-22980
https://notcve.org/view.php?id=CVE-2022-22980
22 Jun 2022 — A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. Una aplicación MongoDB de Spring Data es vulnerable a una inyección de SpEL cuando son usados métodos de consulta @Query o @Aggregation-annotated con expresiones SpEL que contienen marcadores de posición de parámetros de consulta para la vinculación de valores si la entrada ... • https://github.com/trganda/CVE-2022-22980 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22979
https://notcve.org/view.php?id=CVE-2022-22979
21 Jun 2022 — In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. Spring Cloud Function las versiones anteriores a 3.2.6, es posible que un usuario que interactúe directamente con la funcionalidad de búsqueda proporcionada por el framework cause una condición de denegación de servicio debido a un problema de almacena... • https://tanzu.vmware.com/security/cve-2022-22979 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
19 May 2022 — Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros.... • https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 90%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
19 May 2022 — In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedo... • https://github.com/DeEpinGh0st/CVE-2022-22978 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •