Spring Security Advisories

Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Roman Shalymov from EPAM. References https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/reflected-file-download-a-new-web…

Description Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of netty (versions prior to 4.1.42), which incorrectly handles whitespace before a colon in headers, leading to HTTP request smuggling attacks…

Description Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. References…

Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Tim Büthe and Daniel Neagaru from mytaxi. History 2019-06-19: Initial vulnerability report published

Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Mike Noordermeer. References Spring Security OAuth

Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Thaveethu Vignesh References https://cwe.mitre.org/data/definitions/155.html https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L…

Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Vern ([email protected] from PingAn Galaxy Lab). References