{"vulnerability": "CVE-2023-34034", "sightings": [{"uuid": "ae49e6e1-81b4-44ab-ba4d-d34d0b3d2418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/cibsecurity/67011", "content": "\u203c CVE-2023-34034 \u203c\n\nUsing \"**\" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T18:21:56.000000Z"}, {"uuid": "19eb0f51-457b-4ad4-a83c-2201a21028db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1662", "content": "CVE-2023-34034\nSpring WebFlux \nWrite-Up and POC", "creation_timestamp": "2023-08-08T21:07:53.000000Z"}, {"uuid": "440ea02c-08d1-486a-a515-038e9ffe7675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180567", "content": "https://ift.tt/N6lHVqy\nCVE-2023-34034 | Oracle Communications Unified Inventory Management 7.4.1/7.4.2 Security Component Remote Code Execution", "creation_timestamp": "2024-02-07T08:41:42.000000Z"}, {"uuid": "750f528e-1b99-46da-a969-80590ace6414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181272", "content": "https://ift.tt/qQzLS7r\nCVE-2023-34034 | Oracle Banking Liquidity Management up to 14.7.0 Common Remote Code Execution", "creation_timestamp": "2024-02-08T10:41:45.000000Z"}, 
{"uuid": "3b87f45c-3442-4f2c-9e83-fb04fb1bc4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6045", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2023\nDescription: Demonstration of CVE-2023-24034 authorization bypass in Spring Security \nURL: https://github.com/hotblac/cve-2023-34034\n\nTags: #CVE-2023", "creation_timestamp": "2023-12-02T10:56:01.000000Z"}, {"uuid": "c6746d70-02e1-4043-8471-dedae0436f12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "Telegram/-0SggK295r_PMGpy4saKIHlhBSOW72-EpYhelgiyQ4dFAw", "content": "", "creation_timestamp": "2023-11-15T11:58:15.000000Z"}, {"uuid": "fc08a348-0d61-4096-a84e-876c2b2546f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/arpsyndicate/910", "content": "#ExploitObserverAlert\n\nCVE-2023-34034\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-34034. 
Using \"**\" as a pattern in Spring Security configuration  for WebFlux creates a mismatch in pattern matching between Spring  Security and Spring WebFlux, and the potential for a security bypass.\n\nFIRST-EPSS: 0.002050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T01:22:14.000000Z"}, {"uuid": "58805eb2-8b4e-48a8-b4f2-b550ed862853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180559", "content": "https://ift.tt/0NS6DGI\nCVE-2023-34034 | Oracle Communications Service Catalog and Design 7.4.2.8.0 PSR Designer Remote Code Execution", "creation_timestamp": "2024-02-07T08:11:29.000000Z"}, {"uuid": "99452a47-82c7-4855-a9b8-3309838c23cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180719", "content": "https://ift.tt/0ZHe1Ka\nCVE-2023-34034 | Oracle Communications Cloud Native Core Network Slice Selection Function Install/Upgrade Remote Code Execution", "creation_timestamp": "2024-02-07T14:46:52.000000Z"}, {"uuid": "7a4df7a0-4ad3-40a5-87e7-ec270626b013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181258", "content": "https://ift.tt/KXNw0aS\nCVE-2023-34034 | Oracle Banking Digital Experience 21.1.0/22.1.0/22.2.0 UI General Remote Code Execution", "creation_timestamp": "2024-02-08T10:11:46.000000Z"}, {"uuid": "3ff25587-d3db-466e-b605-e3bc719ef881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181256", "content": 
"https://ift.tt/PKwbINc\nCVE-2023-34034 | Oracle Banking Corporate Lending Process Management up to 14.7.0 Base Remote Code Execution", "creation_timestamp": "2024-02-08T10:11:40.000000Z"}, {"uuid": "f4876980-6b14-4b23-b48f-c753e5ec944c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7629", "content": "Spring WebFlux \u2013 CVE-2023-34034 \u2013 Write-Up and Proof-of-Concept\n\nhttps://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept/", "creation_timestamp": "2023-08-08T23:19:26.000000Z"}, {"uuid": "e180c525-2045-4f75-9e0a-40a4a6336260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/837", "content": "https://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept/\ncve-2023-34034\n#poc", "creation_timestamp": "2023-08-09T06:55:26.000000Z"}, {"uuid": "27a9504c-716f-493c-b19f-386e6534938b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/902", "content": "https://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept\ncve 2023-34034 poc", "creation_timestamp": "2023-08-21T05:00:50.000000Z"}, {"uuid": "0ad8eb4e-14ba-40f1-ac33-ac7889c3087f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8886", "content": "#exploit\n1. 
LPE on the DJI RM500 Smart Controller\nhttps://icanhack.nl/blog/dji-rm500-privilege-escalation\n\n2. CVE-2023-34034:\nSpring WebFlux PoC\nhttps://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept", "creation_timestamp": "2023-08-21T10:55:25.000000Z"}]}