VMware Spring Boot 2.7.8

CPE Details

VMware Spring Boot 2.7.8
vmware
spring_boot
2.7.8
2023-07-31
18h59 +00:00
2023-07-31
19h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:spring_boot:2.7.8:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_boot

Version

2.7.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-34055 2023-11-28 08h27 +00:00 In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath
6.5
Medium
CVE-2023-44794 2023-10-24 22h00 +00:00 An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
9.8
Critical
CVE-2023-20883 2023-05-25 22h00 +00:00 In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
7.5
High
CVE-2023-20873 2023-04-19 22h00 +00:00 In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
9.8
Critical