Description

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects…

Description

The Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size.

This can cause an OOM Error with a large message body.

Affected Spring Products and Versions

• Spring AMQP
  • 2.2.0 - 2.2.19
  • 2.3.0 - 2.3.11

Mitigation

Users…

Description

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor…

Description

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services.

Affected Spring Products and Versions

• Spring Cloud Gateway
  • 3.0.0 to 3.0.4
  • 2.2.0.RELEASE to 2.2.9.RELEASE
  • Older, unsupported versions are also affected

Mitigation

Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE+. No other steps are necessary. Releases that have fixed this issue include:

• Spring Cloud Gateway
  • 3.0.5+
  • …

Description

Applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods. Although a response is not returned for a request sent in…

Description

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under…

Description

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Affected Spring Products and Versions

• Spring Framework
  • 5.3.0 to 5.3.10
  • 5.2.0 to 5.2.17
  • Older, unsupported versions are also affected

Mitigation

…

Description

The Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. Classes in the java.lang and java.util packages are trusted.

It is possible to construct a…

Description

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and…

Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Spring MVC applications are not affected by this vulnerability, nor are applications that do not handle multipart file requests.

Affected Spring Products and Versions

• Spring Framework
  • 5.2.0 to 5.2.14
  • 5.3.0 to 5.3.6

Mitigation

Users of affected versions should apply the following mitigation. 5.3.x users should upgrade to 5.3.7. 5.2.x users should upgrade to 5.2.15. No other steps are necessary. Releases that have fixed this issue include:

• Spring Framework
  • 5.3.7
  • …