MEDIUM | OCTOBER 26, 2021 | CVE-2021-22096
Description In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Affected Spring Products and Versions Mitigation…
CRITICAL | JUNE 28, 2021 | CVE-2021-22119
Description Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and…
MEDIUM | MAY 25, 2021 | CVE-2021-22118
Description Affected Spring Products and Versions Mitigation Users of affected versions should apply the following mitigation. 5.3.x users should upgrade to 5.3.7. 5.2.x users should upgrade to 5.2.15. No other steps are necessary. Releases that have fixed…
LOW | FEBRUARY 26, 2021 | CVE-2021-22114
Description spring-integration-zip , versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal…
LOW | FEBRUARY 19, 2021 | CVE-2021-22112
Description Spring Security versions 5.4.0 to 5.4.3, 5.3.0.RELEASE to 5.3.8.RELEASE, 5.2.0.RELEASE to 5.2.8.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. The SecurityContext…
MEDIUM | FEBRUARY 11, 2021 | CVE-2021-22113
Description Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications…
MEDIUM | JANUARY 25, 2021 | CVE-2020-5427
Description In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. Affected Spring Products and Versions Mitigation Users should upgrade to 2.5.4 and…
LOW | JANUARY 25, 2021 | CVE-2020-5428
Description In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. Affected Spring Products and Versions Mitigation Users should upgrade to 2.2.5 and…
HIGH | SEPTEMBER 17, 2020 | CVE-2020-5421
Description In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a…
HIGH | AUGUST 04, 2020 | CVE-2020-5412
Description Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting…
