Month: October 2018

Apache Struts contains a Remote Code Execution when using results with no namespace and it’s upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it’s upper actions have no or wildcard n…

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script …

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
…

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
…

A denial of service vulnerability exists when OData Library improperly handles web requests, aka “OData Denial of Service Vulnerability.” This affects Microsoft.Data.OData.
References

https://nvd.nist.gov/vuln/detail/CVE-2018-8269
https://github.com/a…