CVE-2018-1259: XXE with Spring Data’s XMLBeam integration
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified and responsibly reported by Abago Forgans. | References
CVE-2018-1257: ReDoS Attack with spring-messaging
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified and responsibly reported by Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. | References | Example
CVE-2018-1261: Unsafe Unzip with spring-integration-zip
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified and responsibly reported by the Snyk Security Research Team. | History: 2018-05-09: Initial vulnerability report published
CVE-2018-1256: Issuer validation regression in Spring Cloud SSO Connector
Description | Affected Spring Products and Versions | Mitigation | Credit: This vulnerability was responsibly reported by the Pivotal SSO Service team. | History: 2018-04-30: Initial vulnerability report published
CVE-2018-1273: RCE with Spring Data Commons
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified and responsibly reported by Philippe Arteau, GoSecure Inc. | References: https://jira.spring.io/browse/DATACMNS-1282 https://github.com/spring-projects/spring-data…
CVE-2018-1274: Denial of Service with Spring Data
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified and responsibly reported by Yevhenii Hrushka (Yevgeniy Grushka), Fortify Webinspect. | References: https://jira.spring.io/browse/DATACMNS-1285 https://github.com/spring…
CVE-2018-1275: Address partial fix for CVE-2018-1270
Description | Affected Spring Products and Versions | Mitigation | Credit: This original issue CVE-2018-1270 was identified and responsibly reported by Alvaro Muñoz (@pwntester), Micro Focus Fortify. The subsequent CVE-2018-1275 partial fix was identified and…