Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 t
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 t
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 thro
A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenti
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain a
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages.
Affected Spring Products and VersionsSpring Framework:
* 6.2.0 - 6.
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain a
Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix c
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16,
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpen
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
* the app
A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the ar
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denia
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers.
An application should be considered
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.
Af
Page 1+ Next →