Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-VPR3-F594-MG5G
HistoryMay 17, 2022 - 3:28 a.m.

Improper Control of Generation of Code ('Code Injection') in Spring Framework

2022-05-1703:28:34
CWE-94
GitHub Advisory Database
github.com
26

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.8%

JSON

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

Affected configurations

Vulners
Node
org.springframework\Matchspring
OR
org.springframework\Matchspring

References

Related

exploitpack 1
checkpoint_advisories 1
nvd 1
cvelist 1
prion 1
securityvulns 3
seebug 2
osv 1
cve 1
exploitdb 1
githubexploit 1
nessus 1
thn 1
cisa 1
securelist 1
avleonov 1
mssecure 1
mmpc 1
trellix 2
checkpoint_security 1
ibm 3
oracle 1
exploitpack
exploitpack
Spring Framework - Arbitrary code Execution
2010-06-18 00:00:00
checkpoint_advisories
checkpoint_advisories
VMware SpringSource Spring Framework class.classloader Remote Code Execution (CVE-2010-1622)
2011-06-07 00:00:00
nvd
nvd
CVE-2010-1622
2010-06-21 16:30:01
cvelist
cvelist
CVE-2010-1622
2010-06-21 16:00:00
prion
prion
Code injection
2010-06-21 16:30:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-06-20 00:00:00
CVE-2010-1622: Spring Framework execution of arbitrary code
2010-06-20 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
seebug
seebug
Spring Framework arbitrary code execution
2014-07-01 00:00:00
Spring Framework class.classLoaderη±»θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2010-06-21 00:00:00
osv
osv
Improper Control of Generation of Code ('Code Injection') in Spring Framework
2022-05-17 03:28:34
cve
cve
CVE-2010-1622
2010-06-21 16:30:01
exploitdb
exploitdb
Spring Framework - Arbitrary code Execution
2010-06-18 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-22965
2022-04-05 09:35:41
nessus
nessus
Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)
2015-10-23 00:00:00
thn
thn
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 05:52:00
cisa
cisa
Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities
2022-04-01 00:00:00
securelist
securelist
Spring4Shell (CVE-2022-22965): details and mitigations
2022-04-04 15:30:36
avleonov
avleonov
Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection
2022-04-03 00:15:45
mssecure
mssecure
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
2022-04-05 01:11:24
mmpc
mmpc
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
2022-04-05 01:11:24
trellix
trellix
The Bug Report – April 2022 Edition
2022-05-04 00:00:00
The Bug Report – April 2022 Edition
2022-05-04 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
ibm
ibm
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
2023-06-22 16:30:54
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
2023-06-06 18:05:17
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
2019-02-18 14:10:01
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.8%

JSON
Related for GHSA-VPR3-F594-MG5G
exploitpack1checkpoint_advisories1nvd1cvelist1prion1securityvulns3seebug2osv1cve1exploitdb1githubexploit1nessus1thn1cisa1securelist1avleonov1mssecure1mmpc1trellix2checkpoint_security1ibm3oracle1