Debian Libspring-Java vulnerabilities
59 known vulnerabilities affecting debian/libspring-java.
Total CVEs: 59
CISA KEV: 1 (actively exploited)
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 8, LOW 44
Vulnerabilities
Page 2 of 3
CVE-2023-20861 | severity: LOW | CVSS 6.5 (MEDIUM) | 2023
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2023-20863 | severity: LOW | CVSS 6.5 (MEDIUM) | 2023
In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2023-34053 | severity: LOW | CVSS 5.3 (MEDIUM) | 2023
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an Obser
CVE-2022-22968 | severity: LOW | CVSS 5.3 (MEDIUM) | 2022
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of a
CVE-2022-22970 | severity: LOW | CVSS 5.3 (MEDIUM) | 2022
In Spring Framework versions prior to 5.3.20 and 5.2.22, and older unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part field in a model object.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2022-22950 | severity: LOW | CVSS 6.5 (MEDIUM) | 2022
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
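The three SpEL denial-of-service entries above (CVE-2022-22950, CVE-2023-20861, CVE-2023-20863) all hinge on an application evaluating an expression that an attacker controls. The following is an added example, not code from the Debian tracker or from the Spring project: it evaluates only application-defined expressions, and does so through SimpleEvaluationContext, which strips type references, constructors, bean references, method invocation and assignment out of the language so that a request parameter can never be handed to the full evaluator. It assumes Spring Framework 4.3.15 or later with spring-expression on the classpath; the Order class and the expression strings are constructed for the example.

```java
// Added example: SpEL evaluation against a restricted, read-only context.
// Not part of the Debian package or the Spring project; names are hypothetical.
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class SpelRestrictedEvaluation {

    // Hypothetical root object; an expression may read its properties and nothing else.
    public static class Order {
        private final int quantity;
        private final double unitPrice;

        public Order(int quantity, double unitPrice) {
            this.quantity = quantity;
            this.unitPrice = unitPrice;
        }

        public int getQuantity() { return quantity; }
        public double getUnitPrice() { return unitPrice; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Expressions come from application configuration, never from a request.
    // forReadOnlyDataBinding() exposes property reads on the root object only:
    // no T(...) type references, no constructors, no @bean references,
    // no method invocation on the data and no assignment.
    static Double evaluate(String expression, Order root) {
        Expression expr = PARSER.parseExpression(expression);
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return expr.getValue(ctx, root, Double.class);
    }

    public static void main(String[] args) {
        Order order = new Order(3, 10.5);

        // Application-defined pricing rule: 3 * 10.5 = 31.5
        System.out.println(evaluate("quantity * unitPrice", order));

        // A type reference that StandardEvaluationContext would resolve is rejected
        // here at evaluation time with a SpelEvaluationException.
        try {
            evaluate("T(java.lang.Runtime).getRuntime().availableProcessors()", order);
            System.out.println("unexpected: expression evaluated");
        } catch (SpelEvaluationException e) {
            System.out.println("rejected: " + e.getMessageCode());
        }
    }
}
```

The restricted context is a containment measure, not a substitute for the fixed versions: the crafted expressions behind these CVEs are still parsed by the same parser, so an endpoint that accepts raw SpEL from clients stays exposed and should be removed rather than wrapped.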
CVE-2022-22965 | severity: LOW | CVSS 9.8 (CRITICAL) | CISA KEV | public PoC | 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the
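The two data-binding entries, CVE-2022-22968 (case-sensitive disallowedFields patterns) and CVE-2022-22965 (class-loader manipulation through data binding), are addressed by the same control in application code. The following is an added example, not code from the Debian tracker or from the Spring project: a global @ControllerAdvice that blocks the class/Class property paths in both capitalisations, which is the shape of the interim workaround recommended for CVE-2022-22965 and remains correct on versions where the patterns are matched case-sensitively, beside a controller that uses an allowlist, the stronger choice because it does not depend on pattern matching at all. It assumes Spring MVC 4.3 or later; the form bean, the /profile path and the class names are hypothetical.

```java
// Added example: hardening Spring MVC data binding. Not part of the Debian
// package or the Spring project; bean, path and class names are hypothetical.
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;

public class DataBindingHardening {

    // Global denylist, applied to every WebDataBinder created for a handler method.
    // On versions affected by CVE-2022-22968 the patterns are matched case-sensitively,
    // so each path is listed with both first-letter cases; on fixed versions the
    // duplicates are harmless.
    @ControllerAdvice
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public static class BinderDenylistAdvice {

        private static final String[] CLASS_LOADER_PATHS = {
            "class.*", "Class.*", "*.class.*", "*.Class.*"
        };

        @InitBinder
        public void denyClassLoaderPaths(WebDataBinder binder) {
            // Merge with any denylist already present instead of overwriting it.
            binder.setDisallowedFields(
                StringUtils.concatenateStringArrays(binder.getDisallowedFields(), CLASS_LOADER_PATHS));
        }
    }

    // Hypothetical form-backing bean.
    public static class ProfileForm {
        private String displayName;
        private String email;

        public String getDisplayName() { return displayName; }
        public void setDisplayName(String displayName) { this.displayName = displayName; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
    }

    @Controller
    public static class ProfileController {

        // Allowlist: only these two properties can ever be bound from the request,
        // regardless of what else the client sends and independent of pattern case.
        // A controller-level @InitBinder runs after the advice above, so calling
        // setDisallowedFields here would replace the merged denylist; prefer the allowlist.
        @InitBinder("profileForm")
        public void allowOnlyProfileFields(WebDataBinder binder) {
            binder.setAllowedFields("displayName", "email");
        }

        @PostMapping("/profile")
        public String update(@ModelAttribute("profileForm") ProfileForm form) {
            // persist form.getDisplayName() and form.getEmail() ...
            return "redirect:/profile";
        }
    }
}
```

Either control is a defence in depth for CVE-2022-22965, not the fix; the fixed framework versions stop the class-loader traversal inside the binder itself, and a deployment that still matches the exploit preconditions (JDK 9+, WAR on Tomcat) should be upgraded.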
CVE-2022-22971 | severity: LOW | CVSS 6.5 (MEDIUM) | 2022
In Spring Framework versions prior to 5.3.20 and 5.2.22, and older unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial-of-service attack by an authenticated user.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2021-22118 | severity: LOW | CVSS 7.8 (HIGH) | 2021
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart re
CVE-2021-22060 | severity: LOW | CVSS 4.3 (MEDIUM) | 2021
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
Scope: local
bookworm: o
CVE-2021-22096 | severity: LOW | CVSS 4.3 (MEDIUM) | 2021
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2020-5397 | severity: LOW | CVSS 5.3 (MEDIUM) | 2020
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentica
CVE-2020-5421 | severity: LOW | CVSS 9.6 (CRITICAL) | fixed in libspring-java 4.3.30-1 (bookworm) | 2020
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Scope: local
bookworm: resolved (fixed in 4.3.30-1)
bullseye: resolved (fixed in 4.3.3
CVE-2020-5398 | severity: LOW | CVSS 7.5 (HIGH) | 2020
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
Scope: local
bookworm: resolved
bullseye: reso
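CVE-2020-5398 and CVE-2020-5421 both concern reflected file download: the response instructs the browser to save a file whose name, and therefore its extension and how the operating system will open it, was derived from the request. The following is an added example, not code from the Debian tracker or from the Spring project: a download endpoint that keeps the user-chosen name only as a sanitised base name, forces the extension itself, and emits the header through ContentDisposition so the value is quoted and encoded correctly. It assumes Spring Framework 5.3 or later (ContentDisposition.attachment()); the /export path, the CSV payload and the ExportController name are constructed for the example. The jsessionid path-parameter bypass in CVE-2020-5421 sits in the framework's own RFD protection and is only closed by the fixed versions; what application code can do is make sure no part of the served filename is attacker-chosen.

```java
// Added example: serving a download with a request-derived filename without
// letting the request choose the file type. Not part of the Debian package or
// the Spring project; the path, payload and class name are constructed.
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.Resource;
import org.springframework.http.ContentDisposition;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ExportController {

    // Anything outside this conservative set is dropped, including '.', so the
    // caller can never smuggle an extension or a path separator into the name.
    private static final Pattern UNSAFE = Pattern.compile("[^A-Za-z0-9_-]");
    private static final int MAX_BASENAME = 64;

    // Returns a filename whose extension is fixed by the server, not the client.
    static String safeFilename(String requested, String forcedExtension) {
        String base = requested == null ? "" : UNSAFE.matcher(requested).replaceAll("");
        if (base.isEmpty()) {
            base = "export";
        }
        if (base.length() > MAX_BASENAME) {
            base = base.substring(0, MAX_BASENAME);
        }
        return base + forcedExtension;
    }

    @GetMapping("/export")
    public ResponseEntity<Resource> export(@RequestParam(name = "name", required = false) String name) {
        // Constructed sample payload standing in for the real export.
        byte[] body = "id,total\n1,31.5\n".getBytes(StandardCharsets.UTF_8);

        // ContentDisposition quotes the ASCII filename and adds the RFC 5987
        // filename* form for non-ASCII input, so the header cannot be broken by
        // characters that survived sanitisation.
        ContentDisposition disposition = ContentDisposition.attachment()
                .filename(safeFilename(name, ".csv"), StandardCharsets.UTF_8)
                .build();

        return ResponseEntity.ok()
                .header(HttpHeaders.CONTENT_DISPOSITION, disposition.toString())
                // Keep the browser from second-guessing the declared type.
                .header("X-Content-Type-Options", "nosniff")
                .contentType(new MediaType("text", "csv"))
                .body(new ByteArrayResource(body));
    }
}
```

A request such as /export?name=report.bat;.cmd yields Content-Disposition: attachment; filename="reportbatcmd.csv", which is the property the RFD entries are about: the served file's type is decided by the server regardless of what the URL looked like.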
CVE-2018-1270 | severity: CRITICAL | CVSS 9.8 (CRITICAL) | fixed in libspring-java 4.3.19-1 (bookworm) | 2018
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-11040 | severity: HIGH | CVSS 7.5 (HIGH) | fixed in libspring-java 4.3.19-1 (bookworm) | 2018
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Sp
CVE-2018-15756 | severity: HIGH | CVSS 7.5 (HIGH) | fixed in libspring-java 4.3.21-1 (bookworm) | 2018
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious u
CVE-2018-1272 | severity: HIGH | CVSS 7.5 (HIGH) | fixed in libspring-java 4.3.19-1 (bookworm) | 2018
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be expose
CVE-2018-11039 | severity: MEDIUM | CVSS 5.9 (MEDIUM) | fixed in libspring-java 4.3.19-1 (bookworm) | 2018
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filt
CVE-2018-1257 | severity: MEDIUM | CVSS 6.5 (MEDIUM) | fixed in libspring-java 4.3.19-1 (bookworm) | 2018
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of