VMware Spring Boot 2.0.0 Milestone 7

CPE Details

VMware Spring Boot 2.0.0 Milestone 7
2.0.0
2022-04-07
12h55 +00:00
2022-04-07
13h02 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_boot

Version

2.0.0

Update

milestone7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20883 2023-05-25 22h00 +00:00 In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
7.5
High
CVE-2023-20873 2023-04-19 22h00 +00:00 In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
9.8
Critical
CVE-2022-27772 2022-03-30 15h45 +00:00 spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
7.8
High
CVE-2018-1196 2018-03-19 18h00 +00:00 Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.
5.9
Medium