Vulnerabilites related to Spring - Spring Boot
cve-2024-38807
Vulnerability from cvelistv5
Published
2024-08-23 08:26
Modified
2025-03-27 16:36
Severity ?
EPSS score ?
Summary
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Boot |
Version: 2.7.x Version: 3.0.x Version: 3.1.x Version: 3.2.x Version: 3.3.x |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38807", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T17:13:03.601236Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T16:36:21.258Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-17T20:02:54.673Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250117-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "Spring Boot", product: "Spring Boot", vendor: "Spring", versions: [ { lessThan: "2.7.22", status: "affected", version: "2.7.x", versionType: "enterprise support only", }, { lessThan: "3.0.17", status: "affected", version: "3.0.x", versionType: "enterprise support only", }, { lessThan: "3.1.13", status: "affected", version: "3.1.x", versionType: "enterprise support only", }, { lessThan: "3.2.9", status: "affected", version: "3.2.x", versionType: "OSS", }, { lessThan: "3.3.3", status: "affected", version: "3.3.x", versionType: "OSS", }, ], }, ], datePublic: "2024-08-23T08:22:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Applications that use </span><code>spring-boot-loader</code><span style=\"background-color: rgb(255, 255, 255);\"> or </span><code>spring-boot-loader-classic</code><span style=\"background-color: rgb(255, 255, 255);\"> and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.</span><br>", }, ], value: "Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-23T08:26:11.826Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2024-38807", }, ], source: { discovery: "UNKNOWN", }, title: "CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2024-38807", datePublished: "2024-08-23T08:26:11.826Z", dateReserved: "2024-06-19T22:31:57.186Z", dateUpdated: "2025-03-27T16:36:21.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34055
Vulnerability from cvelistv5
Published
2023-11-28 08:27
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Boot |
Version: 2.7.0 Version: 3.0.0 Version: 3.1.0 Version: older unsupported versions |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:52.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://spring.io/security/cve-2023-34055", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231221-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", ], product: "Spring Boot", vendor: "Spring", versions: [ { lessThan: "2.7.18", status: "affected", version: "2.7.0", versionType: "2.7.18", }, { lessThan: "3.0.13", status: "affected", version: "3.0.0", versionType: "3.0.13", }, { lessThan: "3.1.6", status: "affected", version: "3.1.0", versionType: "3.1.6", }, { status: "affected", version: "older unsupported versions", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.</p><p>Specifically, an application is vulnerable when all of the following are true:</p><ul><li>the application uses Spring MVC or Spring WebFlux</li><li><code>org.springframework.boot:spring-boot-actuator</code> is on the classpath</li></ul><br>", }, ], value: "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * org.springframework.boot:spring-boot-actuator is on the classpath", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T22:06:28.480Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2023-34055", }, { url: "https://security.netapp.com/advisory/ntap-20231221-0010/", }, ], source: { discovery: "UNKNOWN", }, title: "Spring Boot server Web Observations DoS Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2023-34055", datePublished: "2023-11-28T08:27:25.132Z", dateReserved: "2023-05-25T17:21:56.203Z", dateUpdated: "2025-02-13T16:55:15.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3797
Vulnerability from cvelistv5
Published
2019-05-06 15:21
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2019-3797 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Boot |
Version: 2.0 < v2.0.9.RELEASE Version: 1.5 < v1.5.20.RELEASE Version: 2.1 < v2.1.4.RELEASE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.481Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pivotal.io/security/cve-2019-3797", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spring Boot", vendor: "Spring", versions: [ { lessThan: "v2.0.9.RELEASE", status: "affected", version: "2.0", versionType: "custom", }, { lessThan: "v1.5.20.RELEASE", status: "affected", version: "1.5", versionType: "custom", }, { lessThan: "v2.1.4.RELEASE", status: "affected", version: "2.1", versionType: "custom", }, ], }, ], datePublic: "2019-04-08T00:00:00", descriptions: [ { lang: "en", value: "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89: SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-06T15:21:37", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://pivotal.io/security/cve-2019-3797", }, ], source: { discovery: "UNKNOWN", }, title: "Additional information exposure with Spring Data JPA derived queries", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", DATE_PUBLIC: "2019-04-08T00:00:00.000Z", ID: "CVE-2019-3797", STATE: "PUBLIC", TITLE: "Additional information exposure with Spring Data JPA derived queries", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Boot", version: { version_data: [ { affected: "<", version_affected: "<", version_name: "2.0", version_value: "v2.0.9.RELEASE", }, { affected: "<", version_affected: "<", version_name: "1.5", version_value: "v1.5.20.RELEASE", }, { affected: "<", version_affected: "<", version_name: "2.1", version_value: "v2.1.4.RELEASE", }, ], }, }, ], }, vendor_name: "Spring", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89: SQL Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2019-3797", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2019-3797", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3797", datePublished: "2019-05-06T15:21:37.081031Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:33:03.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-22235
Vulnerability from cvelistv5
Published
2025-04-28 07:10
Modified
2025-04-28 16:18
Severity ?
EPSS score ?
Summary
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Your application may be affected by this if all the following conditions are met:
* You use Spring Security
* EndpointRequest.to() has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection
You are not affected if any of the following is true:
* You don't use Spring Security
* You don't use EndpointRequest.to()
* The endpoint which EndpointRequest.to() refers to is enabled and is exposed
* Your application does not handle requests to /null or this path does not need protection
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Boot |
Version: 2.7.x Version: 3.1.x Version: 3.2.x Version: 3.3.x Version: 3.4.x |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-22235", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-28T16:16:38.622106Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-28T16:18:23.559Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spring Boot", vendor: "Spring", versions: [ { lessThan: "2.7.25", status: "affected", version: "2.7.x", versionType: "Enterprise Support Only", }, { lessThan: "3.1.16", status: "affected", version: "3.1.x", versionType: "Enterprise Support Only", }, { lessThan: "3.2.14", status: "affected", version: "3.2.x", versionType: "Enterprise Support Only", }, { lessThan: "3.3.11", status: "affected", version: "3.3.x", versionType: "OSS", }, { lessThan: "3.4.5", status: "affected", version: "3.4.x", versionType: "OSS", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><code>EndpointRequest.to()</code> creates a matcher for <code>null/**</code> if the actuator endpoint, for which the <code>EndpointRequest</code> has been created, is disabled or not exposed.</p><p>Your application may be affected by this if all the following conditions are met:</p><ul><li>You use Spring Security</li><li><code>EndpointRequest.to()</code> has been used in a Spring Security chain configuration</li><li>The endpoint which <code>EndpointRequest</code> references is disabled or not exposed via web</li><li>Your application handles requests to <code>/null</code> and this path needs protection</li></ul><p>You are not affected if any of the following is true:</p><ul><li>You don't use Spring Security</li><li>You don't use <code>EndpointRequest.to()</code></li><li>The endpoint which <code>EndpointRequest.to()</code> refers to is enabled and is exposed</li><li>Your application does not handle requests to <code>/null</code> or this path does not need protection</li></ul><br>", }, ], value: "EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to() has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest references is disabled or not exposed via web\n * Your application handles requests to /null and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don't use Spring Security\n * You don't use EndpointRequest.to()\n * The endpoint which EndpointRequest.to() refers to is enabled and is exposed\n * Your application does not handle requests to /null or this path does not need protection", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T07:10:35.370Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2025-22235", }, ], source: { discovery: "UNKNOWN", }, title: "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2025-22235", datePublished: "2025-04-28T07:10:35.370Z", dateReserved: "2025-01-02T04:30:06.832Z", dateUpdated: "2025-04-28T16:18:23.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }