Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring boot vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2021-22573
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token wil...
Google Oauth Client Library For Java
1 Github repository
6.7
CVSSv3
CVE-2021-4178
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged malicious user to supply malicious YAML.
Redhat Fabric8-kubernetes
Redhat Fabric8-kubernetes 5.8.0
Redhat Fabric8-kubernetes 5.0.0
Redhat Process Automation 7.0
Redhat Openshift Application Runtimes -
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat A-mq Streams 2.0.1
Redhat Fuse 7.11
Redhat Integration Camel Quarkus 2.2.1
Redhat Build Of Quarkus 2.2.5
4.3
CVSSv3
CVE-2020-1724
A flaw was found in Keycloak in versions prior to 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
Redhat Keycloak
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes -
5.6
CVSSv3
CVE-2020-1744
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this ev...
Redhat Keycloak
3.8
CVSSv3
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
Redhat Keycloak
5.3
CVSSv3
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely r...
Eclipse Jetty 12.0.0
Eclipse Jetty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
7.4
CVSSv3
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an malicious user to ac...
Hibernate Hibernate Orm
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Quarkus Quarkus
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Cloud Native Core Console 1.9.0
2 Github repositories
7.5
CVSSv3
CVE-2023-1370
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It exists that the code does not have any limit to...
Json-smart Project Json-smart
7.5
CVSSv3
CVE-2019-14832
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Redhat Keycloak
6.1
CVSSv3
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions prior to 3.11.1.Final and prior to 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Resteasy
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »