CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-44794
https://notcve.org/view.php?id=CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. Un problema en Dromara SaToken versión 1.36.0 y anteriores permite a un atacante remoto escalar privilegios a través de un payload manipulado a la URL. • https://github.com/dromara/Sa-Token/issues/515 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20883 – spring-boot: Spring Boot Welcome Page DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack. • https://security.netapp.com/advisory/ntap-20230703-0008 https://spring.io/security/cve-2023-20883 https://access.redhat.com/security/cve/CVE-2023-20883 https://bugzilla.redhat.com/show_bug.cgi?id=2209342 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20873 – spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
https://notcve.org/view.php?id=CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. • https://security.netapp.com/advisory/ntap-20230601-0009 https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now https://spring.io/security/cve-2023-20873 https://access.redhat.com/security/cve/CVE-2023-20873 https://bugzilla.redhat.com/show_bug.cgi?id=2231491 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27772
https://notcve.org/view.php?id=CVE-2022-27772
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer spring-boot versiones anteriores a v2.2.11.RELEASE eran vulnerables a un secuestro de directorios temporales. Esta vulnerabilidad afectaba al método org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir. NOTA: Esta vulnerabilidad sólo afecta a productos y/o versiones que ya no son soportadas por el mantenedor • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26987
https://notcve.org/view.php?id=CVE-2021-26987
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. Element Plug-in para vCenter Server incorpora SpringBoot Framework. Las versiones de SpringBoot Framework anteriores a 1.3.2 son susceptibles a una vulnerabilidad que, cuando es explotada con éxito, podría conllevar a una ejecución de código remota. • https://security.netapp.com/advisory/ntap-20210315-0001 •