Critical Vulnerabilities fixes azure spring_core, spring-security-core, spring-beans (!54) · Merge requests · OSDU Software / OSDU Data Platform / Data Flow / Data Ingestion / External Data Sources / EDS DMS

spring-beans:
Improper Neutralization of Special Elements used in an OS Command in org.springframework/spring-beans
Vulnerability spring-beans issue
spring-core:
"OS Command Injection," which occurs when an application allows user-controlled input to be inserted into a system command without proper sanitization or validation. vulnerability was located in the org.springframework/spring-core library
Vulnerability spring-core Issue
spring-security-core: RegexRequestMatcher might easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.
Vulnerability spring-security-core Issue

Edited Mar 06, 2023 by Jayesh Bagul

Critical Vulnerabilities fixes azure spring_core, spring-security-core, spring-beans