This page lists Spring advisories.
CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
Description
Applications that use UriComponentsBuilder
to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL…
CVE-2024-22243: Spring Framework URL Parsing with Host Validation
Description
Applications that use UriComponentsBuilder
to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL…
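The pattern both CVE-2024-22243 and CVE-2024-22259 describe, shown as an added example that is not code from the Spring advisories or from the Spring Framework itself: a controller parses a caller-supplied URL with UriComponentsBuilder, checks the parsed host against an allowlist, and then redirects. The first handler forwards the original string after the check, which is the shape the advisories warn about; the second rebuilds the redirect target from the components the server actually validated, so the client is sent exactly the scheme, host, path and query that passed the check rather than the raw input. The controller, the `/go` and `/go-safe` paths, the `next` parameter and the ALLOWED_HOSTS set are assumptions for illustration. This rebuild is added defence in depth; the advisories' fix is upgrading to the patched Spring Framework releases, which this excerpt does not list.

```java
import java.net.URI;
import java.util.Set;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

@RestController
public class RedirectController {

    // Hosts this application is willing to redirect to (assumed allowlist).
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("app.example.com", "login.example.com");

    // Pattern from the advisories: parse, validate the host, then redirect to
    // the ORIGINAL string. If the browser (open redirect) or an HTTP client
    // (SSRF) disagrees with UriComponentsBuilder about which part of the string
    // is the host, the check passes but the request goes somewhere else.
    @GetMapping("/go")
    public ResponseEntity<Void> go(@RequestParam("next") String next) {
        UriComponents parsed;
        try {
            parsed = UriComponentsBuilder.fromUriString(next).build();
        } catch (IllegalArgumentException e) {
            return ResponseEntity.badRequest().build();
        }
        String host = parsed.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return ResponseEntity.badRequest().build();
        }
        return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(next)).build();
    }

    // Hardened variant: never forward the raw string. Redirect only to a URL
    // rebuilt from the validated components, with a fixed scheme and no
    // user-info, port or fragment taken from the input, so what the client
    // receives is exactly what was checked.
    @GetMapping("/go-safe")
    public ResponseEntity<Void> goSafe(@RequestParam("next") String next) {
        UriComponents parsed;
        try {
            parsed = UriComponentsBuilder.fromUriString(next).build();
        } catch (IllegalArgumentException e) {
            return ResponseEntity.badRequest().build();
        }
        String host = parsed.getHost();
        if (!"https".equalsIgnoreCase(parsed.getScheme())
                || host == null
                || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return ResponseEntity.badRequest().build();
        }
        String path = parsed.getPath() == null || parsed.getPath().isEmpty() ? "/" : parsed.getPath();
        URI target = UriComponentsBuilder.newInstance()
                .scheme("https")
                .host(host.toLowerCase())
                .path(path)
                .query(parsed.getQuery())
                .build()
                .toUri();
        return ResponseEntity.status(HttpStatus.FOUND).location(target).build();
    }
}
```

The rebuilt target is a canonical form (scheme, host, path, query only), which removes most of the room for a parser differential between the server and the client. It does not replace the upgrade: on an affected version the value returned by `getHost()` itself is what can be misattributed, so the allowlist check is only fully trustworthy on a patched release.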
CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
CVE-2024-22236: local information disclosure via temporary directory created with unsafe permissions
Description
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
Affected Spring Products and Versions
- Spring Cloud Contract
- 4.1.0
- 4.0.0 to 4.0.4
- 3.1.0 to 3.1.9
Mitigation
Upgrade Spring Cloud Contract to a fixed release: 4.1.x users should upgrade to 4.1.1, 4.0.x users to 4.0.5, and 3.1.x users to 3.1.10. No other steps are necessary. Releases that have fixed this issue include:
- Spring Cloud Contract
- 4.1.1
- 4.0.5
- 3.1.10
Credit
This issue was identified and responsibly reported by Michael Kimball from Oddball.
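The class of defect behind CVE-2024-22236, shown as an added example that is not code from Spring Cloud Contract or from the shaded Guava dependency: a temporary directory created through `java.io.File.mkdir()` gets 0777 masked by the process umask, so with the usual umask of 022 it is readable and traversable by every local user, which is the "unsafe permissions" the advisory describes. The NIO API lets the caller request owner-only permissions explicitly, and a small check rejects any directory that carries group or other bits. The class name, the `contract-` prefix and the use of `java.io.tmpdir` are illustrative assumptions, and the POSIX permission calls assume a POSIX file system (they throw UnsupportedOperationException on Windows).

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public final class PrivateTempDir {

    private static final Set<PosixFilePermission> OWNER_ONLY = EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE);

    // Unsafe pattern: File.mkdir() creates the directory as 0777 & ~umask.
    // With umask 022 that is 0755, so files a test run writes here are readable
    // by any other user on the host.
    public static Path createWithMkdir(Path parent, String name) throws IOException {
        File dir = parent.resolve(name).toFile();
        if (!dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir.toPath();
    }

    // Safe pattern: ask NIO for owner-only permissions at creation time, so the
    // directory is never briefly visible to others. (On POSIX, NIO already
    // defaults to rwx------ for temp directories; passing the attribute makes
    // the intent explicit and survives a change of API defaults.)
    public static Path createPrivate(String prefix) throws IOException {
        return Files.createTempDirectory(prefix, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
    }

    // Check: fail if any group/other bit is set on the directory.
    public static void assertOwnerOnly(Path dir) throws IOException {
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(dir);
        if (!OWNER_ONLY.containsAll(actual)) {
            throw new IOException(dir + " has permissions "
                    + PosixFilePermissions.toString(actual) + "; expected rwx------");
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Path.of(System.getProperty("java.io.tmpdir"));
        Path unsafe = createWithMkdir(tmp, "contract-" + System.nanoTime());
        Path safe = createPrivate("contract-");
        try {
            System.out.println(unsafe + " -> "
                    + PosixFilePermissions.toString(Files.getPosixFilePermissions(unsafe)));
            System.out.println(safe + " -> "
                    + PosixFilePermissions.toString(Files.getPosixFilePermissions(safe)));
            assertOwnerOnly(safe);   // passes
            assertOwnerOnly(unsafe); // throws under a typical umask of 022
        } finally {
            Files.deleteIfExists(unsafe);
            Files.deleteIfExists(safe);
        }
    }
}
```

The check is worth running once against whatever directory a test harness hands you, since a shaded dependency hides its version from the usual dependency-tree tooling; the fix for the advisory itself remains the upgrade listed above.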
CVE-2024-22233: Spring Framework server Web DoS Vulnerability
Description
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC
- Spring Security 6.1.6+ or 6.2.1+ is on the classpath …
CVE-2023-34053: Spring Framework server Web Observations DoS Vulnerability
Description
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC or Spring WebFlux
- io.micrometer:micrometer-core is on the classpath
- an ObservationRegistry is configured in the application to record observations …
CVE-2023-34054: Reactor Netty HTTP Server Metrics DoS Vulnerability
CVE-2023-34055: Spring Boot server Web Observations DoS Vulnerability
CVE-2023-34062: Directory Traversal in Reactor Netty HTTP Server
Reporting a vulnerability
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy