Vulnerabilities related to Spring - Spring Boot
cve-2023-34055
Vulnerability from cvelistv5
Published
2023-11-28 08:27
Modified
2025-02-13 16:55
Summary
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath
Impacted products
Vendor Product Version
Spring Spring Boot Version: 2.7.0
Version: 3.0.0
Version: 3.1.0
Version: older unsupported versions


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:01:52.436Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://spring.io/security/cve-2023-34055",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231221-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "MacOS",
                  "Linux",
               ],
               product: "Spring Boot",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "2.7.18",
                     status: "affected",
                     version: "2.7.0",
                     versionType: "2.7.18",
                  },
                  {
                     lessThan: "3.0.13",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "3.0.13",
                  },
                  {
                     lessThan: "3.1.6",
                     status: "affected",
                     version: "3.1.0",
                     versionType: "3.1.6",
                  },
                  {
                     status: "affected",
                     version: "older unsupported versions",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.</p><p>Specifically, an application is vulnerable when all of the following are true:</p><ul><li>the application uses Spring MVC or Spring WebFlux</li><li><code>org.springframework.boot:spring-boot-actuator</code>&nbsp;is on the classpath</li></ul><br>",
                  },
               ],
               value: "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC or Spring WebFlux\n  *  org.springframework.boot:spring-boot-actuator is on the classpath",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-21T22:06:28.480Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2023-34055",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231221-0010/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Spring Boot server Web Observations DoS Vulnerability",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2023-34055",
      datePublished: "2023-11-28T08:27:25.132Z",
      dateReserved: "2023-05-25T17:21:56.203Z",
      dateUpdated: "2025-02-13T16:55:15.158Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3797
Vulnerability from cvelistv5
Published
2019-05-06 15:21
Modified
2024-09-16 17:33
Summary
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.
References
https://pivotal.io/security/cve-2019-3797 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Spring Spring Boot Version: 2.0   < v2.0.9.RELEASE
Version: 1.5   < v1.5.20.RELEASE
Version: 2.1   < v2.1.4.RELEASE


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:18.481Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://pivotal.io/security/cve-2019-3797",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Boot",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "v2.0.9.RELEASE",
                     status: "affected",
                     version: "2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "v1.5.20.RELEASE",
                     status: "affected",
                     version: "1.5",
                     versionType: "custom",
                  },
                  {
                     lessThan: "v2.1.4.RELEASE",
                     status: "affected",
                     version: "2.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89: SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-06T15:21:37",
            orgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
            shortName: "dell",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://pivotal.io/security/cve-2019-3797",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Additional information exposure with Spring Data JPA derived queries",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security_alert@emc.com",
               DATE_PUBLIC: "2019-04-08T00:00:00.000Z",
               ID: "CVE-2019-3797",
               STATE: "PUBLIC",
               TITLE: "Additional information exposure with Spring Data JPA derived queries",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Boot",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "2.0",
                                          version_value: "v2.0.9.RELEASE",
                                       },
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "1.5",
                                          version_value: "v1.5.20.RELEASE",
                                       },
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "2.1",
                                          version_value: "v2.1.4.RELEASE",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Spring",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89: SQL Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://pivotal.io/security/cve-2019-3797",
                     refsource: "CONFIRM",
                     url: "https://pivotal.io/security/cve-2019-3797",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
      assignerShortName: "dell",
      cveId: "CVE-2019-3797",
      datePublished: "2019-05-06T15:21:37.081031Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T17:33:03.727Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-38807
Vulnerability from cvelistv5
Published
2024-08-23 08:26
Modified
2025-03-27 16:36
Summary
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
Impacted products
Vendor Product Version
Spring Spring Boot Version: 2.7.x
Version: 3.0.x
Version: 3.1.x
Version: 3.2.x
Version: 3.3.x


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-38807",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-23T17:13:03.601236Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-347",
                        description: "CWE-347 Improper Verification of Cryptographic Signature",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
               {
                  descriptions: [
                     {
                        cweId: "CWE-290",
                        description: "CWE-290 Authentication Bypass by Spoofing",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-27T16:36:21.258Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-01-17T20:02:54.673Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20250117-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "Spring Boot",
               product: "Spring Boot",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "2.7.22",
                     status: "affected",
                     version: "2.7.x",
                     versionType: "enterprise support only",
                  },
                  {
                     lessThan: "3.0.17",
                     status: "affected",
                     version: "3.0.x",
                     versionType: "enterprise support only",
                  },
                  {
                     lessThan: "3.1.13",
                     status: "affected",
                     version: "3.1.x",
                     versionType: "enterprise support only",
                  },
                  {
                     lessThan: "3.2.9",
                     status: "affected",
                     version: "3.2.x",
                     versionType: "OSS",
                  },
                  {
                     lessThan: "3.3.3",
                     status: "affected",
                     version: "3.3.x",
                     versionType: "OSS",
                  },
               ],
            },
         ],
         datePublic: "2024-08-23T08:22:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Applications that use </span><code>spring-boot-loader</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or </span><code>spring-boot-loader-classic</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.</span><br>",
                  },
               ],
               value: "Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-23T08:26:11.826Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2024-38807",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2024-38807",
      datePublished: "2024-08-23T08:26:11.826Z",
      dateReserved: "2024-06-19T22:31:57.186Z",
      dateUpdated: "2025-03-27T16:36:21.258Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}