spring-security-oauth2-2.0.8.RELEASE.jar: 45 vulnerabilities (highest severity is: 9.8) #4
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-for-github.1485827954.workers.dev
bot
added
the
Mend: dependency security vulnerability
Open
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Module for providing OAuth2 support to Spring Security
Library home page: http://static.springframework.org/spring-security/oauth
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.0.8.RELEASE/spring-security-oauth2-2.0.8.RELEASE.jar
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - spring-security-web-3.2.8.RELEASE.jar
spring-security-web
Library home page: http://spring.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/3.2.8.RELEASE/spring-security-web-3.2.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with "." in the regular expression are possibly vulnerable to an authorization bypass.
Publish Date: 2022-05-19
URL: CVE-2022-22978
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2022-22978/
Release Date: 2022-05-19
Fix Resolution: org.springframework.security:spring-security-web:5.5.7,5.6.4
Vulnerable Library - spring-beans-4.0.9.RELEASE.jar
Spring Beans
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.0.9.RELEASE/spring-beans-4.0.9.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.
Publish Date: 2022-04-01
URL: CVE-2022-22965
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Release Date: 2022-04-01
Fix Resolution: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18
Vulnerable Library - jackson-mapper-asl-1.9.13.jar
Data Mapper package is a high-performance data binding package built on Jackson JSON processor
Library home page: http://fasterxml.com
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/jackson/jackson-mapper-asl/1.9.13/jackson-mapper-asl-1.9.13.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Publish Date: 2019-10-01
URL: CVE-2019-10202
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://lists.apache.org/thread/08302h5kp2l9ry2zq8vydomlhn0fg4j4
Release Date: 2019-10-01
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.0.0
Vulnerable Library - spring-security-oauth2-2.0.8.RELEASE.jar
Module for providing OAuth2 support to Spring Security
Library home page: http://static.springframework.org/spring-security/oauth
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.0.8.RELEASE/spring-security-oauth2-2.0.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Publish Date: 2018-05-11
URL: CVE-2018-1260
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-1260
Release Date: 2018-05-11
Fix Resolution: 2.0.15.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-4.2.5.RELEASE.jar
Spring Web
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.5.RELEASE/spring-web-4.2.5.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.
Publish Date: 2020-01-02
URL: CVE-2016-1000027
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-4wrc-f8pq-fpqp
Release Date: 2020-01-02
Fix Resolution (org.springframework:spring-web): 4.3.26.RELEASE
Direct dependency fix Resolution (org.springframework.security.oauth:spring-security-oauth2): 2.0.9.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-webmvc-4.0.9.RELEASE.jar
Spring Web MVC
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.0.9.RELEASE/spring-webmvc-4.0.9.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Publish Date: 2017-05-25
URL: CVE-2015-5211
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
Release Date: 2017-05-25
Fix Resolution (org.springframework:spring-webmvc): 4.1.8.RELEASE
Direct dependency fix Resolution (org.springframework.security.oauth:spring-security-oauth2): 2.0.18.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-web-3.2.8.RELEASE.jar
spring-security-web
Library home page: http://spring.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/3.2.8.RELEASE/spring-security-web-3.2.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true: It must be a WebFlux application, It must be using Spring's static resources support, and it must have a non-permitAll authorization rule applied to the static resources support.
Publish Date: 2024-10-28
URL: CVE-2024-38821
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38821
Release Date: 2024-10-28
Fix Resolution: org.springframework.security:spring-security-web:5.7.13,5.8.15,6.0.13,6.1.11,6.2.7,6.3.4
Vulnerable Library - spring-core-4.0.9.RELEASE.jar
Spring Core
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.0.9.RELEASE/spring-core-4.0.9.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
In spring-core, versions v4.0.0.RC1 through v4.1.8.RELEASE, and v4.2.0.RC1 through v4.2.2.RELEASE, allow arbitrary code execution due to the
SerializableTypeWrapperclass, which allows invocation of any method on the Java classpath through itsMethodInvokeTypeProvidermethod.SerializableTypeWrapper, implementing theSerializableinterface, can be included in a maliciously crafted serialized object and be used to eventually invokeRuntime.getRuntime.exec(), ifcommons-collectionsis included in the classpath.Publish Date: 2021-06-29
URL: WS-2021-0170
CVSS 3 Score Details (9.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2021-06-29
Fix Resolution (org.springframework:spring-core): 4.1.9.RELEASE
Direct dependency fix Resolution (org.springframework.security.oauth:spring-security-oauth2): 2.0.18.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-web-3.2.8.RELEASE.jar
spring-security-web
Library home page: http://spring.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/3.2.8.RELEASE/spring-security-web-3.2.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Publish Date: 2021-02-23
URL: CVE-2021-22112
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2021-22112
Release Date: 2021-02-23
Fix Resolution: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4
Vulnerable Library - spring-security-oauth2-2.0.8.RELEASE.jar
Module for providing OAuth2 support to Spring Security
Library home page: http://static.springframework.org/spring-security/oauth
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.0.8.RELEASE/spring-security-oauth2-2.0.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Publish Date: 2017-05-25
URL: CVE-2016-4977
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4977
Release Date: 2017-05-25
Fix Resolution: 2.0.10.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-core-3.2.8.RELEASE.jar
spring-security-core
Library home page: http://spring.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/3.2.8.RELEASE/spring-security-core-3.2.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Publish Date: 2024-03-18
URL: CVE-2024-22257
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22257
Release Date: 2024-03-18
Fix Resolution: org.springframework.security:spring-security-core:5.7.12,5.8.11,6.1.8,6.2.3
Vulnerable Library - spring-web-4.2.5.RELEASE.jar
Spring Web
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.5.RELEASE/spring-web-4.2.5.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-04-16
URL: CVE-2024-22262
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22262
Release Date: 2024-04-16
Fix Resolution: org.springframework:spring-web:5.3.34;6.0.19,6.1.6
Vulnerable Library - spring-web-4.2.5.RELEASE.jar
Spring Web
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.5.RELEASE/spring-web-4.2.5.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-03-16
URL: CVE-2024-22259
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22259
Release Date: 2024-03-16
Fix Resolution: org.springframework:spring-web:5.3.33,6.0.18,6.1.5
Vulnerable Library - spring-web-4.2.5.RELEASE.jar
Spring Web
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.5.RELEASE/spring-web-4.2.5.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Publish Date: 2024-02-23
URL: CVE-2024-22243
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22243
Release Date: 2024-02-23
Fix Resolution: org.springframework:spring-web:5.3.32,6.0.17,6.1.4
Vulnerable Library - spring-security-oauth2-2.0.8.RELEASE.jar
Module for providing OAuth2 support to Spring Security
Library home page: http://static.springframework.org/spring-security/oauth
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/oauth/spring-security-oauth2/2.0.8.RELEASE/spring-security-oauth2-2.0.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
Publish Date: 2018-10-18
URL: CVE-2018-15758
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15758
Release Date: 2018-10-18
Fix Resolution: 2.0.16.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-webmvc-4.0.9.RELEASE.jar
Spring Web MVC
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.0.9.RELEASE/spring-webmvc-4.0.9.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
This is similar to CVE-2024-38816, but with different input.
Publish Date: 2024-12-19
URL: CVE-2024-38819
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38819
Release Date: 2024-12-19
Fix Resolution: org.springframework:spring-webflux:6.1.14, org.springframework:spring-webmvc:6.1.14
Vulnerable Library - spring-webmvc-4.0.9.RELEASE.jar
Spring Web MVC
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.0.9.RELEASE/spring-webmvc-4.0.9.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
However, malicious requests are blocked and rejected when any of the following is true:
Publish Date: 2024-09-13
URL: CVE-2024-38816
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38816
Release Date: 2024-09-13
Fix Resolution: org.springframework:spring-webflux:6.1.13, org.springframework:spring-webmvc:6.1.13
Vulnerable Library - jackson-mapper-asl-1.9.13.jar
Data Mapper package is a high-performance data binding package built on Jackson JSON processor
Library home page: http://fasterxml.com
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/jackson/jackson-mapper-asl/1.9.13/jackson-mapper-asl-1.9.13.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Publish Date: 2019-11-18
URL: CVE-2019-10172
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10172
Release Date: 2019-11-18
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.0.0-RC1
Vulnerable Library - spring-web-4.2.5.RELEASE.jar
Spring Web
Library home page: http://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.5.RELEASE/spring-web-4.2.5.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Publish Date: 2018-10-18
URL: CVE-2018-15756
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-15756
Release Date: 2018-10-18
Fix Resolution (org.springframework:spring-web): 4.3.20.RELEASE
Direct dependency fix Resolution (org.springframework.security.oauth:spring-security-oauth2): 2.0.9.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-web-3.2.8.RELEASE.jar
spring-security-web
Library home page: http://spring.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/3.2.8.RELEASE/spring-security-web-3.2.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 06ef2adac3e2fd2c043c13588404f117ba371e88
Found in base branch: main
Vulnerability Details
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
Publish Date: 2017-01-06
URL: CVE-2016-9879
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9879
Release Date: 2017-01-06
Fix Resolution (org.springframework.security:spring-security-web): 3.2.10.RELEASE
Direct dependency fix Resolution (org.springframework.security.oauth:spring-security-oauth2): 2.0.13.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: