The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Pivotal Spring Framework

Spring Framework: Cross Site Request Forgery via CORS Preflight Requests
An attacker can trigger a Cross Site Request Forgery via CORS Preflight Requests of Spring Framework, in order to force the victim to perform operations...
CVE-2020-5397, VIGILANCE-VUL-31363
Spring Framework: file reading via Content-Disposition Reflected File Download
A local attacker can read a file via Content-Disposition Reflected File Download of Spring Framework, in order to obtain sensitive information...
CVE-2020-5398, VIGILANCE-VUL-31360
Spring Framework: memory leak via StringDecoder
An attacker can create a memory leak via StringDecoder of Spring Framework, in order to trigger a denial of service...
24339, 24346, VIGILANCE-VUL-31320
Spring Framework: privilege escalation via JWT Issuer Validation
An attacker can bypass restrictions via JWT Issuer Validation of Spring Framework, in order to escalate his privileges...
CVE-2018-15801, VIGILANCE-VUL-28058
Spring Framework: denial of service via Complex Range Requests
An attacker can generate a fatal error via Complex Range Requests of Spring Framework, in order to trigger a denial of service...
CERTFR-2019-AVI-331, cpuapr2020, cpujan2020, cpujul2019, cpuoct2019, CVE-2018-15756, ibm10957141, VIGILANCE-VUL-27548
Spring Framework: information disclosure via Cross-Domain Requests
An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information...
cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11040, VIGILANCE-VUL-26440
Spring Framework: information disclosure via Cross Site Tracing
An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information...
cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439
Spring Integration Zip: directory traversal
An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357)...
CVE-2018-1263, VIGILANCE-VUL-26358
Spring Integration Zip: directory traversal
An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357)...
CVE-2018-1261, VIGILANCE-VUL-26092
Spring Security OAuth: code execution
An attacker can use a vulnerability of Spring Security OAuth, in order to run code...
CVE-2018-1260, VIGILANCE-VUL-26091
Our database contains other pages. You can request a free trial to read them.

Display information about Pivotal Spring Framework: