VMware Spring Framework 6.0.8

CPE Details

VMware Spring Framework 6.0.8
vmware
spring_framework
6.0.8
2023-04-19
09h57 +00:00
2023-07-07
17h47 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:vmware:spring_framework:6.0.8:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_framework

Version

6.0.8

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-38820 2024-10-18 05h39 +00:00 The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
5.3
Moyen
CVE-2023-34053 2023-11-28 08h10 +00:00 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
7.5
Haute
CVE-2023-44794 2023-10-24 22h00 +00:00 An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
9.8
Critique