CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20866
https://notcve.org/view.php?id=CVE-2023-20866
13 Apr 2023 — In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. • https://spring.io/security/cve-2023-20866 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 55%CPEs: 2EXPL: 1CVE-2023-20860 – springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
https://notcve.org/view.php?id=CVE-2023-20860
27 Mar 2023 — Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern. Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing ... • https://github.com/limo520/CVE-2023-20860 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20861 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20861
23 Mar 2023 — In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS). Red Hat support for Spring Boot provides an application platform that reduces the complexity of develop... • https://security.netapp.com/advisory/ntap-20230420-0007 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20859
https://notcve.org/view.php?id=CVE-2023-20859
23 Mar 2023 — In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. • https://spring.io/security/cve-2023-20859 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22602 – Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request
https://notcve.org/view.php?id=CVE-2023-22602
14 Jan 2023 — When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` Cuando se utiliza Apache Shiro ante... • https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl • CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 2CVE-2022-31691
https://notcve.org/view.php?id=CVE-2022-31691
04 Nov 2022 — Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. Spring Tools 4 para Eclipse versión 4.16.0 y siguientes, así como extensiones VSCode com... • https://github.com/SpindleSec/CVE-2022-31691 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 6%CPEs: 4EXPL: 3CVE-2022-31692 – spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
https://notcve.org/view.php?id=CVE-2022-31692
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forwar... • https://github.com/SpindleSec/cve-2022-31692 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31690 – spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
https://notcve.org/view.php?id=CVE-2022-31690
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Sect... • https://security.netapp.com/advisory/ntap-20221215-0010 • CWE-269: Improper Privilege Management •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31679
https://notcve.org/view.php?id=CVE-2022-31679
21 Sep 2022 — Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. Las aplicaciones que permiten el acceso HTTP PATCH a los recursos expuestos por Spring Data REST en versiones 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, y las versiones más antiguas no soportadas, si un atacante conoce la estruc... • https://tanzu.vmware.com/security/cve-2022-31679 •
CVSS: 9.8EPSS: 86%CPEs: 2EXPL: 6CVE-2022-22980
https://notcve.org/view.php?id=CVE-2022-22980
22 Jun 2022 — A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. Una aplicación MongoDB de Spring Data es vulnerable a una inyección de SpEL cuando son usados métodos de consulta @Query o @Aggregation-annotated con expresiones SpEL que contienen marcadores de posición de parámetros de consulta para la vinculación de valores si la entrada ... • https://github.com/trganda/CVE-2022-22980 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •