Description

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Affected Spring Products and Versions

• Spring Framework
  • 5.3.0 to 5.3.10
  • 5.2.0 to 5.2.17
  • Older, unsupported versions are also affected

Mitigation

…

Description

The Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. Classes in the java.lang and java.util packages are trusted.

It is possible to construct a…

Description

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and…

Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Spring MVC applications are not affected by this vulnerability, nor are applications that do not handle multipart file requests.

Affected Spring Products and Versions

• Spring Framework
  • 5.2.0 to 5.2.14
  • 5.3.0 to 5.3.6

Mitigation

Users of affected versions should apply the following mitigation. 5.3.x users should upgrade to 5.3.7. 5.2.x users should upgrade to 5.2.15. No other steps are necessary. Releases that have fixed this issue include:

• Spring Framework
  • 5.3.7
  • …

Description

spring-integration-zip , versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal…

Description

Spring Security versions 5.4.0 to 5.4.3, 5.3.0.RELEASE to 5.3.8.RELEASE, 5.2.0.RELEASE to 5.2.8.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. The SecurityContext…

Description

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications…

Description

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Affected Spring Products and Versions

• Spring Cloud Data Flow
  • 2.6.x
  • 2.5.x

Mitigation

Users should upgrade to 2.5.4 and higher. Releases that have fixed this issue include:

• Spring Cloud Data Flow
  • 2.7.0
  • 2.6.5
  • …

Description

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

Affected Spring Products and Versions

• Spring Cloud Task
  • 2.2.4 and below

Mitigation

Users should upgrade to 2.2.5 and higher. Releases that have fixed this issue include:

• Spring Cloud Task
  • 2.3.0
  • …

Description

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a…