Vulnerabilities |
100 via 1403 paths |
|---|---|
Dependencies |
125 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: org.springframework.boot:spring-boot-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
Overview
Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to establishing SSL connections to Cassandra without verifying that the hostname in the server's SSL certificate actually matched the hostname of the server being connected to. While the application might have verified that the certificate was signed by a trusted Certificate Authority (CA), failing to verify the hostname means an attacker could present any valid certificate (even one meant for a different domain) to successfully intercept the connection, leaving the application vulnerable to Man-in-the-Middle (MitM) attacks.
Remediation
Upgrade org.springframework.boot:spring-boot-autoconfigure to version 3.5.14, 4.0.6 or higher.
References
critical severity
- Vulnerable module: org.springframework.security:spring-security-web
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.12.
Overview
org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response headers for servlet applications. An attacker can manipulate HTTP responses by exploiting the failure to write expected headers, potentially leading to unauthorized access or information disclosure.
Remediation
Upgrade org.springframework.security:spring-security-web to version 6.5.9, 7.0.4 or higher.
References
critical severity
new
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the DatabindContext._resolveAndValidateGeneric() method, which validates only the raw container class of a type identifier against the configured PolymorphicTypeValidator and not its nested generic type arguments. An attacker who controls the type identifier can instantiate a denied class, and reach unauthenticated remote code execution through an available gadget, by embedding that class as a generic parameter of an allowlisted container such as java.util.ArrayList<com.evil.Gadget>, which passes validation while the nested type is loaded, instantiated, and populated with attacker-controlled values. Exploitation requires polymorphic type validation to be enabled with a configured validator, the application to deserialize untrusted JSON, and a suitable gadget class on the classpath.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, thus allowing the attacker to control the state or the flow of the execution.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.18.8, 2.21.4 or higher.
References
critical severity
new
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() method, which allowlists an array based only on clazz.isArray() and does not validate the array's component type. An attacker who controls the deserialized JSON can instantiate types outside the configured allowlist by wrapping them in an array, because array elements without per-element type identifiers are constructed directly with no further validator check.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.18.8, 2.21.4 or higher.
References
critical severity
- Vulnerable module: org.springframework.boot:spring-boot-actuator
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.12.
Overview
Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFoundry Actuator path.
Note:
This is only exploitable if all of the following conditions are met:
the application is a web application
the application contributes an application endpoint that requires authentication under a subpath, like
"/cloudfoundryapplication/admin"
Remediation
Upgrade org.springframework.boot:spring-boot-actuator to version 3.5.12, 4.0.4 or higher.
References
critical severity
- Vulnerable module: org.springframework.boot:spring-boot-actuator-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.12.
Overview
Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFoundry Actuator path.
Note:
This is only exploitable if all of the following conditions are met:
the application is a web application
the application contributes an application endpoint that requires authentication under a subpath, like
"/cloudfoundryapplication/admin"
Remediation
Upgrade org.springframework.boot:spring-boot-actuator-autoconfigure to version 3.5.12, 4.0.4 or higher.
References
critical severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to HTTP Request Smuggling due to the interaction of quotation marks and delimiters in the parseCookie() function. An attacker can exfiltrate HttpOnly cookie values or smuggle extra cookie values.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.30.Final, 2.3.11.Final or higher.
References
critical severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.1.0.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Improper Access Control when using an un-prefixed double wildcard pattern ("**") in the Spring Security configuration with the mvcRequestMatcher. This configuration creates a pattern-matching discrepancy between Spring Security and Spring MVC, potentially allowing unauthorized access.
Note: The Spring security team have published information about an existing PoC, but have not shared the PoC itself publicly, therefore we don't currently have the ability to verify it.
Remediation
Upgrade org.springframework:spring-webmvc to version 5.3.26, 6.0.7 or higher.
References
critical severity
- Vulnerable module: org.springframework.security:spring-security-config
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.9.
Overview
org.springframework.security:spring-security-config is a security configuration package for Spring Framework.
Affected versions of this package are vulnerable to Access Control Bypass. When using ** as a pattern in Spring Security configuration for WebFlux a mismatch in pattern matching is created between Spring Security and Spring WebFlux, resulting in a security bypass.
Note:
The fixed versions require Spring Framework versions:
6.0.11+
5.3.29+
5.2.25+
Note: The Spring security team have published information about an existing PoC, but have not shared the PoC itself publicly, therefore we don't currently have the ability to verify it.
Remediation
Upgrade org.springframework.security:spring-security-config to version 5.6.12, 5.7.10, 5.8.5, 6.0.5, 6.1.2 or higher.
References
critical severity
- Vulnerable module: org.springframework.security:spring-security-web
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
Overview
org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Missing Authorization allowing Spring Security authorization rules to be bypassed for static resources.
Note:
Non-Static Resources Are Not Affected by this vulnerability. This is because handlers for these routes use predicates to validate the requests even if all security filters are bypassed.
Spring Security states that for this to impact an application, all of the following conditions must be met:
It must be a WebFlux application.
It must be using Spring's static resources support.
It must have a non-permitAll authorization rule applied to the static resources support.
Remediation
Upgrade org.springframework.security:spring-security-web to version 5.7.13, 5.8.15, 6.2.7, 6.3.4 or higher.
References
critical severity
- Vulnerable module: org.springframework.security:spring-security-crypto
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework.security:spring-security-crypto@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.3.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework.security:spring-security-crypto@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.3.10.
Overview
org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security.
Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the BCryptPasswordEncoder.matches() function, which only takes the first 72 characters for comparison. Passwords longer than this will incorrectly return true when compared against other strings sharing the same first 72 characters, making them easier to brute force.
Note: Patches have also been issued for older versions of Enterprise Support packages.
Remediation
Upgrade org.springframework.security:spring-security-crypto to version 6.3.8, 6.4.4 or higher.
References
high severity
- Vulnerable module: org.apache.commons:commons-lang3
- Introduced through: org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › org.apache.commons:commons-lang3@3.12.0Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.10.
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.
References
high severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-core
- Introduced through: com.fasterxml.jackson.core:jackson-core@2.12.6, com.fasterxml.jackson.core:jackson-databind@2.12.6.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.18.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.13.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.13.
Overview
com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. An attacker can cause excessive memory allocation and CPU exhaustion by submitting JSON documents containing extremely long numeric values through the asynchronous parser interface.
PoC
The following JUnit 5 test demonstrates the vulnerability. It shows that the async parser accepts a 5,000-digit number, whereas the limit should be 1,000.
package tools.jackson.core.unittest.dos;
import java.nio.charset.StandardCharsets;
import org.junit.jupiter.api.Test;
import tools.jackson.core.*;
import tools.jackson.core.exc.StreamConstraintsException;
import tools.jackson.core.json.JsonFactory;
import tools.jackson.core.json.async.NonBlockingByteArrayJsonParser;
import static org.junit.jupiter.api.Assertions.*;
/**
* POC: Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers
*
* Authors: sprabhav7, rohan-repos
*
* maxNumberLength default = 1000 characters (digits).
* A number with more than 1000 digits should be rejected by any parser.
*
* BUG: The async parser never calls resetInt()/resetFloat() which is where
* validateIntegerLength()/validateFPLength() lives. Instead it calls
* _valueComplete() which skips all number length validation.
*
* CWE-770: Allocation of Resources Without Limits or Throttling
*/
class AsyncParserNumberLengthBypassTest {
private static final int MAX_NUMBER_LENGTH = 1000;
private static final int TEST_NUMBER_LENGTH = 5000;
private final JsonFactory factory = new JsonFactory();
// CONTROL: Sync parser correctly rejects a number exceeding maxNumberLength
@Test
void syncParserRejectsLongNumber() throws Exception {
byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);
// Output to console
System.out.println("[SYNC] Parsing " + TEST_NUMBER_LENGTH + "-digit number (limit: " + MAX_NUMBER_LENGTH + ")");
try {
try (JsonParser p = factory.createParser(ObjectReadContext.empty(), payload)) {
while (p.nextToken() != null) {
if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {
System.out.println("[SYNC] Accepted number with " + p.getText().length() + " digits — UNEXPECTED");
}
}
}
fail("Sync parser must reject a " + TEST_NUMBER_LENGTH + "-digit number");
} catch (StreamConstraintsException e) {
System.out.println("[SYNC] Rejected with StreamConstraintsException: " + e.getMessage());
}
}
// VULNERABILITY: Async parser accepts the SAME number that sync rejects
@Test
void asyncParserAcceptsLongNumber() throws Exception {
byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);
NonBlockingByteArrayJsonParser p =
(NonBlockingByteArrayJsonParser) factory.createNonBlockingByteArrayParser(ObjectReadContext.empty());
p.feedInput(payload, 0, payload.length);
p.endOfInput();
boolean foundNumber = false;
try {
while (p.nextToken() != null) {
if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {
foundNumber = true;
String numberText = p.getText();
assertEquals(TEST_NUMBER_LENGTH, numberText.length(),
"Async parser silently accepted all " + TEST_NUMBER_LENGTH + " digits");
}
}
// Output to console
System.out.println("[ASYNC INT] Accepted number with " + TEST_NUMBER_LENGTH + " digits — BUG CONFIRMED");
assertTrue(foundNumber, "Parser should have produced a VALUE_NUMBER_INT token");
} catch (StreamConstraintsException e) {
fail("Bug is fixed — async parser now correctly rejects long numbers: " + e.getMessage());
}
p.close();
}
private byte[] buildPayloadWithLongInteger(int numDigits) {
StringBuilder sb = new StringBuilder(numDigits + 10);
sb.append("{\"v\":");
for (int i = 0; i < numDigits; i++) {
sb.append((char) ('1' + (i % 9)));
}
sb.append('}');
return sb.toString().getBytes(StandardCharsets.UTF_8);
}
}
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.fasterxml.jackson.core:jackson-core to version 2.18.6, 2.21.1 or higher.
References
high severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-core
- Introduced through: com.fasterxml.jackson.core:jackson-core@2.12.6, com.fasterxml.jackson.core:jackson-databind@2.12.6.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.18.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.13.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.13.
Overview
com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the enforcement of document length constraints in blocking, async, and DataInput parser processes. An attacker can cause excessive resource consumption by submitting oversized JSON documents that bypass configured size limits.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-core to version 2.18.7, 2.21.2 or higher.
References
high severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-core
- Introduced through: com.fasterxml.jackson.core:jackson-core@2.12.6, com.fasterxml.jackson.core:jackson-databind@2.12.6.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.15.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.15.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.0.
Overview
com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation
Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing input size validation when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values, causing the application to exhaust all available resources.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.fasterxml.jackson.core:jackson-core to version 2.15.0-rc1 or higher.
References
high severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-core
- Introduced through: com.fasterxml.jackson.core:jackson-core@2.12.6, com.fasterxml.jackson.core:jackson-databind@2.12.6.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.15.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.15.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.0.
Overview
com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation
Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to the parse process, which accepts an unlimited input file with deeply nested data. An attacker can cause a stack overflow and crash the application by providing input files with excessively deep nesting.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-core to version 2.15.0-rc1 or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when parsing multipart uploads, which apply the UndertowOptions.MULTIPART_MAX_ENTITY_SIZE option. An attacker can exhaust system memory by submitting large amounts of form data encoded with application/x-www-form-urlencoded.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.39.Final, 2.3.21.Final, 2.4.0.Beta1 or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the getParameterNames() function. An attacker can cause an OutOfMemoryError by sending requests with excessively large parameter names.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.39.Final, 2.3.21.Final, 2.4.0.Beta1 or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.4.11.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling (MadeYouReset) through malformed client requests that trigger repeated server-side stream resets without incrementing abuse counters. An attacker can exhaust server resources by sending specially crafted HTTP/2 requests that cause excessive workload through repeated stream aborts.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade io.undertow:undertow-core to version 2.2.38.Final, 2.3.20.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Denial of Service (DoS) through the wildfly-http-client protocol, due to the WriteTimeoutStreamSinkConduit process. This vulnerability can be exploited by repeatedly opening and closing connections immediately, which triggers memory and file descriptor leaks.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade io.undertow:undertow-core to version 2.2.31.Final, 2.3.12.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Uncontrolled Recursion in chunked response handling. An attacker can cause a client to wait indefinitely by sending excessive data without a 0\r\n termination sequence in chunked responses, thereby disrupting service to the server.
Note: This is only exploitable when using NewSessionTicket functionality in TLS 1.3 on Java 17.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.34.Final, 2.3.8.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the handling of URL-encoded request path information on ajp-listener. An attacker can cause the server to process incorrect paths, leading to a disruption of service by sending specially crafted concurrent requests.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade io.undertow:undertow-core to version 2.2.33.Final, 2.3.14.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to insufficient limitations on the amount of CONTINUATION frames that can be sent within a single stream. An attacker can use up compute or memory resources to cause a disruption in service by sending packets to vulnerable servers.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade io.undertow:undertow-core to version 2.2.33.Final, 2.3.14.Final or higher.
References
high severity
- Vulnerable module: org.springframework:spring-core
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1, org.springframework.boot:spring-boot-starter-web@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.10.
Overview
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.
Affected versions of this package are vulnerable to Incorrect Authorization via the AnnotationsScanner and AnnotatedMethod class. An attacker can gain unauthorized access to sensitive information by exploiting improper resolution of annotations on methods within type hierarchies that use parameterized supertypes with unbounded generics.
Note:
This is only exploitable if security annotations are used on methods in generic superclasses or generic interfaces and the @EnableMethodSecurity feature is enabled.
Remediation
Upgrade org.springframework:spring-core to version 6.2.11 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Path Traversal via the WebMvc.fn and WebFlux.fn frameworks. An attacker can access any file on the file system that is also accessible to the process in which the Spring application is running by crafting malicious HTTP requests.
Note:
This is only exploitable if the web application uses RouterFunctions to serve static resources and resource handling is explicitly configured with a FileSystemResource location.
Workaround
This vulnerability can be mitigated by using the Spring Security HTTP Firewall or running the application on Tomcat or Jetty.
Remediation
Upgrade org.springframework:spring-webmvc to version 6.1.13 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Path Traversal through the functional web frameworks WebMvc.fn or WebFlux.fn. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible.
Note: This is similar to CVE-2024-38816, but with different input.
Remediation
Upgrade org.springframework:spring-webmvc to version 6.1.14 or higher.
References
high severity
- Vulnerable module: org.springframework.data:spring-data-commons
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
Overview
org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the property-lookup cache. An attacker can cause unbounded memory consumption by sending repeated requests with unique, attacker-controlled property names, leading to heap exhaustion.
Note:
This is only exploitable if the application uses features that forward HTTP-supplied strings to PropertyPath.from without prior filtering, in particular Querydsl web bindings (via QuerydslPredicateArgumentResolver) with the default permit-all visibility, and @ProjectedPayload form-parameter binding (via MapDataBinder).
Remediation
Upgrade org.springframework.data:spring-data-commons to version 3.5.12, 4.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.data:spring-data-commons
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
Overview
org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.
Affected versions of this package are vulnerable to Denial of Service (DoS) via the MappingContext property path resolution. An attacker can cause resource exhaustion by supplying specially crafted property path strings.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework.data:spring-data-commons to version 3.5.12, 4.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-beans
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1, org.springframework.boot:spring-boot-starter-web@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.9.
Overview
org.springframework:spring-beans is a package that is the basis for Spring Framework's IoC container. The BeanFactory interface provides an advanced configuration mechanism capable of managing any type of object.
Affected versions of this package are vulnerable to Relative Path Traversal when deployed on non-compliant Servlet containers. An unauthenticated attacker could gain access to files and directories outside the intended web root.
Notes:
This is only exploitable if the application is deployed as a WAR or with an embedded Servlet container, the Servlet container does not reject suspicious sequences and the application serves static resources with Spring resource handling.
Applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration.
This vulnerability was also fixed in the commercial versions 6.1.22 and 5.3.44.
Remediation
Upgrade org.springframework:spring-beans to version 6.2.10 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.17.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Directory Traversal via the Script View Templates. An attacker can access sensitive file contents outside of the intended directories by leveraging the Java scripting engine in template rendering.
Note:
This is only exploitable if the application has a mapping for "/**" that results in view rendering, and where the view name is not explicitly specified.
Details
A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.
Directory Traversal vulnerabilities can be generally divided into two types:
- Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.
If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.
curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
Note %2e is the URL encoded version of . (dot).
- Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as
Zip-Slip.
One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:
2018-04-15 22:04:29 ..... 19 19 good.txt
2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
Remediation
Upgrade org.springframework:spring-webmvc to version 6.2.17, 7.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.boot:spring-boot
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
Overview
Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) for the property source for ${random.value} (as well as ${random.int} and ${random.long}). Standard PRNGs (like java.util.Random) use deterministic mathematical algorithms starting from a seed value. Because the state space is relatively small and lacks ongoing entropy (true randomness), an attacker who observes a sequence of generated values can mathematically reverse-engineer the seed. Once the seed is known, the attacker can predict all past and future values generated by that PRNG. If these values are used to generate security-sensitive assets like API keys, session tokens, or passwords, the system becomes compromised.
Remediation
Upgrade org.springframework.boot:spring-boot to version 3.5.14, 4.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.data:spring-data-commons
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
Overview
org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.
Affected versions of this package are vulnerable to Denial of Service (DoS) via data binding. An attacker can exhaust system memory resources by sending specially crafted HTTP requests.
Note:
This is only exploitable if both Spring Data Web Support is enabled and a Controller method uses @ProjectedPayload.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework.data:spring-data-commons to version 3.5.12, 4.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.data:spring-data-commons
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
Overview
org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.
Affected versions of this package are vulnerable to Denial of Service (DoS) in the parsing of Sort parameters. An attacker can cause a stack overflow and disrupt service availability by submitting specially crafted input to the affected parameter.
Note:
This is only exploitable if the application explicitly exposes an endpoint that accepts Sort parameters from untrusted sources and passes them on without performing sanitization or if the application exposes endpoints with parameters annotated with @ProjectedPayload or @QuerydslPredicate.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework.data:spring-data-commons to version 3.5.12, 4.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.security:spring-security-core
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.10.
Overview
org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Improper Access Control when the application uses AuthenticatedVoter directly and a null authentication parameter is passed to it. Exploiting this vulnerability resulting in an erroneous true return value.
Note
Users are not affected if:
The application does not use
AuthenticatedVoter#votedirectly.The application does not pass
nulltoAuthenticatedVoter#vote.
Remediation
Upgrade org.springframework.security:spring-security-core to version 5.7.12, 5.8.11, 6.0.10, 6.1.8, 6.2.3 or higher.
References
high severity
- Vulnerable module: org.springframework.boot:spring-boot-actuator-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
Overview
Affected versions of this package are vulnerable to Access Restriction Bypass due to improper implementation of wildcard pattern matching.
An application is vulnerable when all of the following are true:
Users have code that can handle requests matching
/cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches/**The application is deployed to Cloud Foundry.
Note: Applications using Spring Cloud Config Server can handle requests to /cloudfoundryapplication/** by default and can be vulnerable if deployed to Cloud Foundry.
An application is not vulnerable if any of the following is true:
The application is not deployed to Cloud Foundry
Users have disabled Cloud Foundry actuator endpoints with
management.cloudfoundry.enabledset tofalseThe application does not have handler mappings that can handle requests to
/cloudfoundryapplication/**
Workaround
Users who are unable to upgrade to the fixed version can disable Cloud Foundry actuator endpoints by setting management.cloudfoundry.enabled to false.
Remediation
Upgrade org.springframework.boot:spring-boot-actuator-autoconfigure to version 2.5.15, 2.6.15, 2.7.11, 3.0.6 or higher.
References
high severity
- Vulnerable module: org.springframework.security:spring-security-config
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
Overview
org.springframework.security:spring-security-config is a security configuration package for Spring Framework.
Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker can impersonate another user by presenting a specially crafted X.509 certificate containing a malformed Common Name (CN) value that causes the extractor to resolve an incorrect username during certificate-based authentication.
Note:
This vulnerability is a continuation of CVE-2026-22747, which addressed the same issue in Spring Security 7.0.x.
Exploitation requires compromise or misuse of a trusted upstream certificate validation process, as this component operates within Spring Security's pre-authentication flow and assumes presented certificates have already been validated.
Remediation
Upgrade org.springframework.security:spring-security-config to version 6.5.11 or higher.
References
high severity
- Vulnerable module: org.springframework.security:spring-security-web
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
Overview
org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker can impersonate another user by presenting a specially crafted X.509 certificate containing a malformed Common Name (CN) value that causes the extractor to resolve an incorrect username during certificate-based authentication.
Note:
This vulnerability is a continuation of CVE-2026-22747, which addressed the same issue in Spring Security 7.0.x.
Exploitation requires compromise or misuse of a trusted upstream certificate validation process, as this component operates within Spring Security's pre-authentication flow and assumes presented certificates have already been validated.
Remediation
Upgrade org.springframework.security:spring-security-web to version 6.5.11 or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can disrupt service availability by repeatedly sending AJP requests that exceed the configured max-header-size attribute in ajp-listener, leading to the server closing the TCP connection without returning an AJP response.
Note:
This is only exploitable if the max-header-size is set to 64 KB or less.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.31.Final, 2.3.12.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Improper Certificate Validation via the undertow client which does not check the server identity presented by the server certificate in https connections.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.24.Final, 2.3.5.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.12.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Improper Input Validation via the FormAuthenticationMechanism. An attacker can exhaust the server's memory, leading to a Denial of Service by sending crafted requests that cause an OutofMemory error.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.32.Final, 2.3.13.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.6.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Infinite loop due to an unexpected handshake status change in SslConduit. The vulnerability derives from JDK behavior changes, where HandshakeStatus.NEED_WRAP can persist while the status is updated to Status.CLOSED.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.24.Final, 2.3.5.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.12.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value due to improper @MultipartConfig annotation handling for very large multipart content.
Note:
If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.27.Final, 2.3.9.Final or higher.
References
high severity
- Vulnerable module: org.jboss.xnio:xnio-api
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-nio@3.8.8.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-nio@3.8.8.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-nio@3.8.8.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final › org.jboss.xnio:xnio-nio@3.8.8.Final › org.jboss.xnio:xnio-api@3.8.8.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
Overview
org.jboss.xnio:xnio-api is a simplified low-level I/O layer which can be used anywhere you are using NIO.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the NotifierState function that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, leading to a possible denial of service.
Remediation
Upgrade org.jboss.xnio:xnio-api to version 3.5.10, 3.7.13, 3.8.14 or higher.
References
high severity
- Vulnerable module: org.springframework.boot:spring-boot-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.7.
Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) if Spring MVC is used together with a reverse proxy cache.
Specifically, an application is vulnerable if all of the conditions are true:
- The application has Spring MVC auto-configuration enabled. This is the case by default if Spring MVC is on the classpath.
- The application uses Spring Boot's welcome page support, either static or templated.
- The application is deployed behind a proxy which caches 404 responses.
The application is NOT vulnerable if any of the following are true:
- Spring MVC auto-configuration is disabled. This is true if
WebMvcAutoConfigurationis explicitly excluded, if Spring MVC is not on the classpath, or ifspring.main.web-application-typeis set to a value other thanSERVLET. - The application does not use Spring Boot's welcome page support.
- There is no proxy which caches 404 responses.
Workaround
Users who are unable to upgrade should configure the reverse proxy not to cache 404 responses and/or not to cache responses to requests to the root (/) of the application.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework.boot:spring-boot-autoconfigure to version 2.5.15, 2.6.15, 2.7.12, 3.0.7 or higher.
References
high severity
- Vulnerable module: org.springframework.security:spring-security-config
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.9.
Overview
org.springframework.security:spring-security-config is a security configuration package for Spring Framework.
Affected versions of this package are vulnerable to Improper Authorization due to improper validation in the requestMatchers, leading to authorization rule misconfiguration when the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet.
Notes:
An application is only vulnerable when all of the following are true:
Spring MVC is on the
classpath.Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s
DispatcherServlet).The application uses
requestMatchers(String)to refer to endpoints that are not Spring MVC endpoints.
Remediation
Upgrade org.springframework.security:spring-security-config to version 5.8.5, 6.0.5, 6.1.2 or higher.
References
high severity
- Vulnerable module: org.springframework.boot:spring-boot
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
Overview
Affected versions of this package are vulnerable to Insecure Temporary File due to the ApplicationTemp mechanism creating a temporary directory using a predictable name. Because the name can be easily guessed, a local attacker on the same server can maliciously pre-create this directory before the Spring Boot application starts. When the application launches, it would blindly use the existing directory without verifying if it is actually owned by the application's user or the attacker.
Remediation
Upgrade org.springframework.boot:spring-boot to version 3.5.14, 4.0.6 or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
Overview
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.2.13, 1.3.12, 1.4.12 or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
Overview
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. An attacker can mount a denial-of-service attack by sending poisoned data.
Note:
Successful exploitation requires the logback-receiver component being enabled and also reachable by the attacker.
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.2.13, 1.3.14, 1.4.14 or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.12, 1.4.12 or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.7.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. An attacker can mount a denial-of-service attack by sending poisoned data.
Note:
Successful exploitation requires the logback-receiver component being enabled and also reachable by the attacker.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.14, 1.4.14 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request handling in WebFlux. An attacker can exhaust disk space by sending multipart requests with large parts that trigger creation of temporary files, which under certain conditions are not deleted after the request completes, leading to accumulation of temp files and denial of service.
Remediation
Upgrade org.springframework:spring-web to version 6.2.18, 7.0.7 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.4.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Open Redirect when UriComponentsBuilder parses an externally provided URL, and the application subsequently uses that URL. If it contains hierarchical components such as path, query, and fragment it may evade validation.
Remediation
Upgrade org.springframework:spring-web to version 5.3.32, 6.0.17, 6.1.4 or higher.
References
high severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.5.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.
Note: This is the same as CVE-2024-22243, but with different input.
Remediation
Upgrade org.springframework:spring-web to version 5.3.33, 6.0.18, 6.1.5 or higher.
References
high severity
new
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Expression Injection in the Janino-evaluated condition attribute of <if> configuration elements, handled by IfModelHandler, whose denylist blocked only the literal new operator. A user who can modify the logback configuration can execute arbitrary code by writing an <if> condition that evades that denylist, either through references it did not cover such as Runtime or springframework, or through Unicode escape sequences like \u that reconstruct the blocked new operator. Exploitation requires write access to the logback configuration and the use of conditional <if> processing with Janino present on the classpath.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.5.36 or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block terminators (\r\r\r) to exploit differences in how certain proxy servers interpret HTTP requests.
Remediation
Upgrade io.undertow:undertow-core to version 2.4.0.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect handling of white-spaces in HTTP request headers. An attacker can gain unauthorized access to restricted information or perform unauthorized actions by sending specially crafted HTTP requests with leading spaces in the first header line.
Remediation
Upgrade io.undertow:undertow-core to version 2.4.0.Final or higher.
References
high severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.Final
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending specially crafted HTTP requests that are interpreted differently by upstream proxies and the server.
Remediation
Upgrade io.undertow:undertow-core to version 2.4.0.Final or higher.
References
medium severity
new
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual() method, which applies the per-property exclusions through _handleByNameInclusion() and then rebuilds the property map from the unfiltered original, overwriting the filtered map and restoring every property the exclusion had removed. An attacker can set fields that were marked ignored, enabling mass assignment, by supplying those property names in untrusted JSON during deserialization. Exploitation requires case-insensitive property matching to be enabled via @JsonFormat with ACCEPT_CASE_INSENSITIVE_PROPERTIES alongside per-property @JsonIgnoreProperties.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.18.9, 2.21.5, 2.22.1 or higher.
References
medium severity
new
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.18.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups for chosen hostnames by submitting JSON that is deserialized into a type holding an InetSocketAddress field, with no authentication required. The observable effect is limited to DNS resolution of attacker-chosen names, useful for out-of-band interaction or internal resolver probing rather than a full outbound request, and it applies only where the application deserializes untrusted JSON into types containing such fields.
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.18.8, 2.21.4 or higher.
References
medium severity
- Vulnerable module: commons-io:commons-io
- Introduced through: org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › commons-io:commons-io@2.11.0Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.
Remediation
Upgrade commons-io:commons-io to version 2.14.0 or higher.
References
medium severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.2.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Race Condition due to the reuse of the StringBuilder instance in the ProxyProtocolReadListener across multiple requests. An attacker can access data from previous requests or responses by exploiting the shared usage of the StringBuilder.
This vulnerability primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.36.Final, 2.3.17.Final or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-core
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1, org.springframework.boot:spring-boot-starter-web@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
Overview
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denial of service by sending crafted requests that are slow to resolve when accessing file-system-backed static resources, causing HTTP connections to remain occupied and exhausting server resources.
Note: This is only exploitable if all the following are true:
The application uses Spring MVC or Spring WebFlux.
Static resources are served from the file system.
The application is running on Windows.
Remediation
Upgrade org.springframework:spring-core to version 6.2.18, 7.0.7 or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Denial of Service (DoS) in the form of improper ETag prefix validation when parsing ETags from the If-Match or If-None-Match request headers. An attacker can exploit this vulnerability to cause denial of service by sending a maliciously crafted conditional HTTP request.
Workaround
Users of older, unsupported versions could enforce a size limit on If-Match and If-None-Match headers, e.g. through a Filter.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework:spring-web to version 5.3.38, 6.0.23, 6.1.12 or higher.
References
medium severity
- Vulnerable module: org.springframework.boot:spring-boot-actuator-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.3.11.
Overview
Affected versions of this package are vulnerable to Improper Input Validation via the EndpointRequest.to() function that creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Note:
This is only exploitable if all of the following conditions are met:
EndpointRequest.to()has been used in a Spring Security chain configuration;The endpoint which
EndpointRequestreferences is disabled or not exposed via web;Your application handles requests to
/nulland this path needs protection.
Workaround
This can be mitigated by either:
Making sure that the endpoint to which
EndpointRequest.to()is referring to is enabled and exposed via web;Make sure that you don't handle requests to
/null.
Remediation
Upgrade org.springframework.boot:spring-boot-actuator-autoconfigure to version 3.3.11, 3.4.5 or higher.
References
medium severity
- Vulnerable module: org.yaml:snakeyaml
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › org.yaml:snakeyaml@1.33Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.2.0.
Overview
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.
Affected versions of this package are vulnerable to Arbitrary Code Execution in the Constructor class, which does not restrict which types can be deserialized. This vulnerability is exploitable by an attacker who provides a malicious YAML file for deserialization, which circumvents the SafeConstructor class.
The maintainers of the library contend that the application's trust would already have had to be compromised or established and therefore dispute the risk associated with this issue on the basis that there is a high bar for exploitation.
Remediation
Upgrade org.yaml:snakeyaml to version 2.0 or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-expression
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.2.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.6.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when a user provides a very long SpEL expression.
Remediation
Upgrade org.springframework:spring-expression to version 5.2.24.RELEASE, 5.3.27, 6.0.8 or higher.
References
medium severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.5.10.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input of the request's Host header. An attacker can manipulate server behavior, potentially leading to cache poisoning, internal network scanning, or session hijacking by sending crafted HTTP requests with malicious Host headers.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.39.Final, 2.3.21.Final, 2.4.0.Beta1 or higher.
References
medium severity
new
- Vulnerable module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
Overview
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in HardenedObjectInputStream, whose resolveClass allowlist admitted any class whose name starts with java.lang or java.util rather than matching specific authorized classes. An attacker can instantiate dangerous classes such as java.lang.ProcessBuilder during deserialization, reaching remote code execution through a gadget chain, by delivering a malicious serialized object to a logback component that deserializes it, such as its socket receiver for serialized logging events (SocketNode). Exploitation requires the application to deserialize attacker-controlled serialized data through logback, in practice via its socket-based receiver, together with a usable gadget class on the classpath.
Workaround
This vulnerability can be avoided by not exposing logback's socket-based serialized receivers, such as SocketReceiver and ServerSocketReceiver, to untrusted networks, which removes the path by which attacker-controlled serialized objects reach the deserialization filter.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, thus allowing the attacker to control the state or the flow of the execution.
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.5.33 or higher.
References
medium severity
new
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in HardenedObjectInputStream, whose resolveClass allowlist admitted any class whose name starts with java.lang or java.util rather than matching specific authorized classes. An attacker can instantiate dangerous classes such as java.lang.ProcessBuilder during deserialization, reaching remote code execution through a gadget chain, by delivering a malicious serialized object to a logback component that deserializes it, such as its socket receiver for serialized logging events (SocketNode). Exploitation requires the application to deserialize attacker-controlled serialized data through logback, in practice via its socket-based receiver, together with a usable gadget class on the classpath.
Workaround
This vulnerability can be avoided by not exposing logback's socket-based serialized receivers, such as SocketReceiver and ServerSocketReceiver, to untrusted networks, which removes the path by which attacker-controlled serialized objects reach the deserialization filter.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, thus allowing the attacker to control the state or the flow of the execution.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.5.33 or higher.
References
medium severity
new
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.14.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JsonNode.toString() method, which serializes nested node structure recursively without a depth limit. An attacker can crash the application with a StackOverflowError by submitting deeply nested JSON, around 1000 levels in a payload of roughly 2 kB, to a service that parses it with ObjectMapper.readTree() and then serializes the result through JsonNode.toString().
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.14.0-rc1 or higher.
References
medium severity
new
- Vulnerable module: org.apache.logging.log4j:log4j-api
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › org.apache.logging.log4j:log4j-to-slf4j@2.19.0 › org.apache.logging.log4j:log4j-api@2.19.0
Overview
Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the MapMessage.asJson() method, which emits the bare NaN, Infinity, or -Infinity tokens instead of an RFC 8259-compliant representation. An attacker can emit malformed JSON that corrupts the enclosing log record or disrupts downstream log ingestion and parsing by supplying non-finite floating-point values that the application records in a logged MapMessage. Exploitation requires the application to use the message resolver of JsonTemplateLayout, or another layout relying on MapMessage.asJson(), and to log a MapMessage holding attacker-controlled floating-point values.
Note: This is a bypass of the fix for the vulnerability described in CVE-2026-34481.
Remediation
A fix was pushed into the master branch but not yet published.
References
medium severity
- Vulnerable module: org.springframework.security:spring-security-core
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
Overview
org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Information Exposure in the DaoAuthenticationProvider component. An attacker can determine the status of user attributes such as enabled, expired, or locked by analyzing response times, potentially allowing user attribute enumeration through timing analysis.
Remediation
Upgrade org.springframework.security:spring-security-core to version 6.5.10, 7.0.5 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
Overview
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.3.15, 1.5.13 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.4.11.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are present on the class path. An attacker can execute arbitrary code by compromising an existing configuration file or injecting a malicious environment variable before program execution. This is only exploitable if the attacker has write access to a configuration file or can set a malicious environment variable.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.16, 1.5.19 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.
References
medium severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.12.7.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to io.jsonwebtoken:jjwt-jackson@0.12.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Denial of Service (DoS) in the _deserializeFromArray() function in BeanDeserializer, due to resource exhaustion when processing a deeply nested array.
NOTE:
For this vulnerability to be exploitable the non-default DeserializationFeature must be enabled.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.12.7.1, 2.13.4 or higher.
References
medium severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-databind
- Introduced through: com.fasterxml.jackson.core:jackson-databind@2.12.6.1, io.jsonwebtoken:jjwt-jackson@0.11.5 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.12.7.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to io.jsonwebtoken:jjwt-jackson@0.12.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › io.swagger.core.v3:swagger-core-jakarta@2.2.7 › com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.14.0 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2.
Overview
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Denial of Service (DoS) in the _deserializeWrappedValue() function in StdDeserializer.java, due to resource exhaustion when processing deeply nested arrays.
NOTE: This vulnerability is only exploitable when the non-default UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.12.7.1, 2.13.4.1 or higher.
References
medium severity
- Vulnerable module: org.springframework.security:spring-security-config
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
Overview
org.springframework.security:spring-security-config is a security configuration package for Spring Framework.
Affected versions of this package are vulnerable to Session Fixation due to the logout functionality not properly clearing the security context when using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This allows users to stay authenticated after a logout.
NOTE: Applications are only vulnerable if any of the following conditions are true:
The
SecurityContextHolderFilterorrequireExplicitSave(true)is in use with logout support for serialized sessions, andinvalidateHttpSession(false).Users are logged out manually by saving an empty
SecurityContextinto theHttpSessionSecurityContextRepository.A custom
SecurityContextRepositoryis in use that does not rely on theHttpSession.
Remediation
Upgrade org.springframework.security:spring-security-config to version 5.7.8, 5.8.3, 6.0.3 or higher.
References
medium severity
- Vulnerable module: org.springframework.security:spring-security-web
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
Overview
org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Session Fixation due to the logout functionality not properly clearing the security context when using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This allows users to stay authenticated after a logout.
NOTE: Applications are only vulnerable if any of the following conditions are true:
The
SecurityContextHolderFilterorrequireExplicitSave(true)is in use with logout support for serialized sessions, andinvalidateHttpSession(false).Users are logged out manually by saving an empty
SecurityContextinto theHttpSessionSecurityContextRepository.A custom
SecurityContextRepositoryis in use that does not rely on theHttpSession.
Remediation
Upgrade org.springframework.security:spring-security-web to version 5.7.8, 5.8.3, 6.0.3 or higher.
References
medium severity
- Vulnerable module: org.springframework.boot:spring-boot
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
Overview
Affected versions of this package are vulnerable to Symlink Attack due to insecure handling of Process ID (PID) files. When an application uses the ApplicationPidFileWriter, it writes its PID to a predictable file system path. A local attacker with write access to the PID file's directory can create a symbolic link (symlink) at that path. When the Spring Boot application starts, it follows this symlink and overwrites the target file with its PID. This allows the attacker to corrupt or "clobber" sensitive system files, potentially leading to a denial of service or system instability.
Remediation
Upgrade org.springframework.boot:spring-boot to version 3.5.14, 4.0.6 or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.1.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.6.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Open Redirect when UriComponentsBuilder is used to parse an externally provided URL and perform validation checks on the host of the parsed URL.
Note: This is the same as CVE-2024-22259 and CVE-2024-22243, but with different input.
Remediation
Upgrade org.springframework:spring-web to version 5.3.34, 6.0.19, 6.1.6 or higher.
References
medium severity
- Vulnerable module: com.h2database:h2
- Introduced through: com.h2database:h2@2.1.214
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.h2database:h2@2.1.214Remediation: Upgrade to com.h2database:h2@2.2.220.
Overview
com.h2database:h2 is a database engine
Affected versions of this package are vulnerable to Information Exposure when H2 web-based admin console was started via the CLI with the argument -webAdminPassword, which allows a local user to specify the password in plaintext for the web admin console.
Consequently, a malicious local user or an attacker that has obtained local access through some means would be able to get the password for the H2 web admin console by looking at the running processes.
Vendor Statement: "This is not a vulnerability of the H2 Console, this is an example of how not to use it. I think there is nothing to do with it on the H2 side. Passwords should never be passed on the command line, and every qualified DBA or system administrator is expected to know that."
Remediation
Upgrade com.h2database:h2 to version 2.2.220 or higher.
References
medium severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.0.7.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Denial of Service (DoS) in flow control handling by the browser over HTTP/2. This may cause overhead or a denial of service in the server. This is due to an incomplete fix of CVE-2021-3629.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade io.undertow:undertow-core to version 2.2.25.Final, 2.3.6.Final or higher.
References
medium severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.1.9.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Directory Traversal due to improper input validation of the HTTP request. An attacker can access privileged or restricted files and directories by appending a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP.
Details
A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.
Directory Traversal vulnerabilities can be generally divided into two types:
- Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.
If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.
curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
Note %2e is the URL encoded version of . (dot).
- Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as
Zip-Slip.
One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:
2018-04-15 22:04:29 ..... 19 19 good.txt
2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
Remediation
Upgrade io.undertow:undertow-core to version 2.2.33.Final, 2.3.12.Final or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-expression
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.6.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.0.5.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.5.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via a crafted SpEL expression.
Remediation
Upgrade org.springframework:spring-expression to version 5.2.23.RELEASE, 5.3.26, 6.0.7 or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.13.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.13.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.1.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.13.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.3.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Denial of Service (DoS) when providing a specially crafted HTTP request.
To be vulnerable, these conditions must all be met (which is usually the case for applications dependent on org.springframework.boot:spring-boot-actuator):
The affected application uses Spring MVC or Spring WebFlux.
io.micrometer:micrometer-coreis on the classpath.An
ObservationRegistryis configured in the application to record observations.
Workaround
This vulnerability can be avoided by disabling web observations: management.metrics.enable.http.server.requests=false
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework:spring-web to version 6.0.14 or higher.
References
medium severity
- Vulnerable module: org.springframework.boot:spring-boot-actuator
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.13.
Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) via HTTP requests, when both of these conditions are true:
Spring MVC or Spring WebFlux is in use.
org.springframework.boot:spring-boot-actuatoris on the classpath.
Workaround
This vulnerability can be avoided by disabling web metrics: management.metrics.enable.http.server.requests=false
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade org.springframework.boot:spring-boot-actuator to version 2.7.18, 3.0.13, 3.1.6 or higher.
References
medium severity
- Vulnerable module: com.fasterxml.jackson.core:jackson-core
- Introduced through: com.fasterxml.jackson.core:jackson-core@2.12.6, com.fasterxml.jackson.core:jackson-databind@2.12.6.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.13.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.13.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › io.jsonwebtoken:jjwt-jackson@0.11.5 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.0.1.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › com.fasterxml.jackson.core:jackson-databind@2.12.6.1 › com.fasterxml.jackson.core:jackson-core@2.12.6Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.0.1.
Overview
com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation
Affected versions of this package are vulnerable to Information Exposure due to the JsonLocation._appendSourceDesc method. An attacker can access up to 500 bytes of unintended memory content by exploiting exception messages that incorrectly read from the beginning of a byte array instead of the logical payload start.
Workaround
This vulnerability can be mitigated by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.
PoC
byte[] buffer = new byte[1000];
System.arraycopy("SECRET".getBytes(), 0, buffer, 0, 6);
System.arraycopy("{ \"bad\": }".getBytes(), 0, buffer, 700, 10);
JsonFactory factory = new JsonFactory();
JsonParser parser = factory.createParser(buffer, 700, 20);
parser.nextToken(); // throws exception
// Exception message will include "SECRET"
Remediation
Upgrade com.fasterxml.jackson.core:jackson-core to version 2.13.0-rc1 or higher.
References
medium severity
- Vulnerable module: org.springframework.security:spring-security-web
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
Overview
org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Open Redirect in the CookieRequestCache function. An attacker can redirect users to arbitrary external sites by crafting a malicious authentication flow that leverages the unvalidated absolute URL stored in the cookie.
Note:
This is only exploitable if all the following conditions are met:
The application uses
CookieRequestCache(Servlet) orCookieServerRequestCache(WebFlux) as itsRequestCacheimplementation.An attacker is able to influence the value of the
REDIRECT_URIcookie, for example through cookie injection via a related subdomain, an HTTP response splitting attack, or a protocol downgrade from HTTPS to HTTP.
Remediation
Upgrade org.springframework.security:spring-security-web to version 6.5.11, 7.0.6 or higher.
References
medium severity
- Vulnerable module: org.springframework.boot:spring-boot-autoconfigure
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.15.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.15.
Overview
Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data directory or replacing it with a symlink before the application starts. This may allow unauthorized access to message data, injection of malicious messages, or further compromise through processing of attacker-controlled broker data.
Note: This is only exploitable by an attacker with local access to the host system before the application initializes the embedded broker.
Remediation
Upgrade org.springframework.boot:spring-boot-autoconfigure to version 3.5.15, 4.0.7, 4.1.0 or higher.
References
medium severity
- Module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: com.h2database:h2
- Introduced through: com.h2database:h2@2.1.214
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › com.h2database:h2@2.1.214
Dual license: EPL-1.0, MPL-2.0
medium severity
- Module: org.hibernate.common:hibernate-commons-annotations
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.hibernate.orm:hibernate-core@6.1.6.Final › org.hibernate.common:hibernate-commons-annotations@6.0.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.hibernate.orm:hibernate-envers@6.1.6.Final › org.hibernate.common:hibernate-commons-annotations@6.0.2.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.hibernate.orm:hibernate-envers@6.1.6.Final › org.hibernate.orm:hibernate-core@6.1.6.Final › org.hibernate.common:hibernate-commons-annotations@6.0.2.Final
LGPL-2.1 license
medium severity
- Module: org.hibernate.orm:hibernate-core
- Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 and org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.hibernate.orm:hibernate-core@6.1.6.Final
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.hibernate.orm:hibernate-envers@6.1.6.Final › org.hibernate.orm:hibernate-core@6.1.6.Final
LGPL-2.1 license
medium severity
- Module: org.hibernate.orm:hibernate-envers
- Introduced through: org.springframework.data:spring-data-envers@4.1.0
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.hibernate.orm:hibernate-envers@6.1.6.Final
LGPL-2.1 license
low severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.3.8.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.3.8.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the SaxEventRecorder process. An attacker can forge requests by compromising logback configuration files in XML.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.
References
low severity
- Vulnerable module: io.undertow:undertow-core
- Introduced through: org.springframework.boot:spring-boot-starter-undertow@3.0.1
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.3.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.3.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.3.7.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-undertow@3.0.1 › io.undertow:undertow-websockets-jsr@2.3.2.Final › io.undertow:undertow-servlet@2.3.2.Final › io.undertow:undertow-core@2.3.2.FinalRemediation: Upgrade to org.springframework.boot:spring-boot-starter-undertow@3.3.7.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Memory Leak when the learning-push handler is configured with the default maxAge of -1. An attacker who can send normal HTTP requests may consume excessive memory.
Workaround
This vulnerability can be avoided by setting a value for maxAge that is not -1.
Remediation
Upgrade io.undertow:undertow-core to version 2.2.37.Final, 2.3.18.Final or higher.
References
low severity
- Vulnerable module: org.springframework:spring-context
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
Overview
Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.
Note:
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.
This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.
Remediation
Upgrade org.springframework:spring-context to version 6.1.14 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-core
- Introduced through: org.springframework.boot:spring-boot-starter-security@3.0.1, org.springframework.boot:spring-boot-starter-web@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework.data:spring-data-commons@3.0.0 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework:spring-context-support@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-config@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework.security:spring-security-core@6.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@4.0.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.data:spring-data-envers@4.1.0 › org.springframework.data:spring-data-jpa@3.0.0 › org.springframework:spring-orm@7.0.8 › org.springframework:spring-jdbc@6.0.3 › org.springframework:spring-tx@7.0.8 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.data:spring-data-envers@4.1.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-actuator-autoconfigure@3.0.1 › org.springframework.boot:spring-boot-actuator@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-expression@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springdoc:springdoc-openapi-starter-common@2.0.2 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-autoconfigure@3.0.1 › org.springframework.boot:spring-boot@3.0.1 › org.springframework:spring-context@6.0.3 › org.springframework:spring-aop@6.0.3 › org.springframework:spring-beans@6.0.3 › org.springframework:spring-core@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
Overview
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.
Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.
Note:
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.
This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.
Remediation
Upgrade org.springframework:spring-core to version 6.1.14 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.
Note:
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.
This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.
Remediation
Upgrade org.springframework:spring-web to version 6.1.14 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.14.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@3.0.0.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to HTTP Request Smuggling via the static resource resolution and caching mechanism. An attacker can poison the resource cache by sending crafted requests that cause resources to be cached with incorrect encodings when resource chain caching and encoded resource resolution are enabled. This can lead to denial of service by breaking front-end resource loading for subsequent clients.
Note: This is only exploitable if all the following is true:
The application is configuring the resource chain support with caching enabled.
The application adds support for encoded resource resolution.
The resource cache must be empty when the attacker has access to the application.
Remediation
Upgrade org.springframework:spring-webmvc to version 6.2.18, 7.0.7 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.2.11.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.7.0.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.
Note:
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.
This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.
Remediation
Upgrade org.springframework:spring-webmvc to version 6.1.14 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-web
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1, org.springframework.boot:spring-boot-starter-security@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.security:spring-security-web@6.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3 › org.springframework:spring-web@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.17.
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). The vulnerability exists in the handling of Server-Sent Events (SSE) when streaming plain text data. An attacker can inject crafted data into the event stream, breaking message boundaries and corrupting the stream delivered to other clients. By controlling streamed content, an attacker can manipulate how subsequent events are parsed by the client, potentially altering application state or injecting misleading data.
Note:
This is only exploitable if the application streams attacker-controlled data via SSE using unstructured/plain-text messages instead of a structured format (e.g., JSON).
Remediation
Upgrade org.springframework:spring-web to version 6.2.17, 7.0.6 or higher.
References
low severity
- Vulnerable module: org.springframework:spring-webmvc
- Introduced through: org.springframework.boot:spring-boot-starter-web@3.0.1 and org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.12.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springdoc:springdoc-openapi-starter-webmvc-ui@2.0.2 › org.springdoc:springdoc-openapi-starter-webmvc-api@2.0.2 › org.springframework:spring-webmvc@6.0.3Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.17.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). The vulnerability exists in the handling of Server-Sent Events (SSE) when streaming plain text data. An attacker can inject crafted data into the event stream, breaking message boundaries and corrupting the stream delivered to other clients. By controlling streamed content, an attacker can manipulate how subsequent events are parsed by the client, potentially altering application state or injecting misleading data.
Note:
This is only exploitable if the application streams attacker-controlled data via SSE using unstructured/plain-text messages instead of a structured format (e.g., JSON).
Remediation
Upgrade org.springframework:spring-webmvc to version 6.2.17, 7.0.6 or higher.
References
low severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.0.1, org.springframework.boot:spring-boot-starter-cache@3.0.1 and others
Detailed paths
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-actuator@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-cache@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-cache@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-security@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-validation@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-aop@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.4.0.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-data-jpa@3.0.1 › org.springframework.boot:spring-boot-starter-jdbc@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.10.
-
Introduced through: systelab/seed-springboot@systelab/seed-springboot › org.springframework.boot:spring-boot-starter-web@3.0.1 › org.springframework.boot:spring-boot-starter-json@3.0.1 › org.springframework.boot:spring-boot-starter@3.0.1 › org.springframework.boot:spring-boot-starter-logging@3.0.1 › ch.qos.logback:logback-classic@1.4.5 › ch.qos.logback:logback-core@1.4.5Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.10.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during the configuration file processing. An attacker can instantiate arbitrary classes already present on the class path by compromising an existing configuration file.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.5.25 or higher.