org.springframework.boot:spring-boot
Maven
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework.boot:spring-boot
- CVE-2018-1196 | MEDIUM | CVSS 5.9 | EG 5.9 | Fixed in 1.5.10 | 2018-03-19
  vulnerable: 1.5.0.RELEASE ... 1.5.9.RELEASE (10 versions)
  Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d Linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a sy…
- CVE-2022-27772 | HIGH | CVSS 7.8 | EG 7.8 | Fixed in 2.2.11.RELEASE | 2022-03-30
  vulnerable: 1.0.0.RELEASE ... 2.2.9.RELEASE (105 versions)
  Spring Boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: Thi…
- CVE-2025-22235 | HIGH | CVSS 7.3 | EG 7.3 | Fixed in 3.4.5 | 2025-04-28
  vulnerable: 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4
  EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: …
- CVE-2026-40973 | HIGH | CVSS 7.0 | EG 7.0 | 2026-04-28
  vulnerable: 1.0.0.RELEASE ... 2.7.9 (186 versions)
  A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, thi…
- CVE-2026-40976 | CRITICAL | CVSS 9.1 | EG 9.1 | Fixed in 4.0.6 | 2026-04-28
  vulnerable: 4.0.0 ... 4.0.5 (6 versions)
  In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configurat…
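The ranges above are only useful if you can compare them correctly against the version actually pinned in your pom.xml or reported in an SBOM, and Spring Boot's version scheme has a trap: in the pre-3.x scheme `2.0.0.M7` is a milestone that sorts before `2.0.0.RC1` and `2.0.0.RELEASE`, while 3.x and later drop the qualifier entirely. The script below is an added example, not EchelonGraph's scanner and not Spring's code. The ranges are transcribed by hand from the entries on this page; where the listing names a fixed version it is used as an exclusive upper bound (so 2.2.10.RELEASE is treated as affected by CVE-2022-27772 because the fix is 2.2.11.RELEASE, even though the "vulnerable:" line stops at 2.2.9.RELEASE), and CVE-2026-40973, which lists no fix, uses its last listed vulnerable version as an inclusive bound. The 2.0.0.M1 to 2.0.0.M7 range for CVE-2018-1196 is taken from the advisory text rather than the "vulnerable:" line. The SBOM purls in the `__main__` block are constructed for the demo.

```python
"""Check a Spring Boot version against the CVE ranges listed on this page.

Added example: not EchelonGraph's scanner, not Spring's code. Ranges below
are transcribed by hand from the listing above.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Spring's legacy qualifier order for an equal numeric base is
# BUILD-SNAPSHOT < M1 < M2 ... < RC1 < RC2 ... < RELEASE. Versions with no
# qualifier (the 3.x/4.x scheme) are treated as final releases.
_RANK = {"BUILD-SNAPSHOT": -1, "M": 0, "RC": 1, "RELEASE": 2}

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:[.-](BUILD-SNAPSHOT|RELEASE|M\d+|RC\d+))?$"
)


class Version(NamedTuple):
    """Tuple ordering gives the comparison: numeric parts, then qualifier
    class (rank), then qualifier number (M7 -> 7, RC1 -> 1, RELEASE -> 0)."""
    major: int
    minor: int
    patch: int
    rank: int
    qual_num: int


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Spring Boot version: {text!r}")
    major, minor, patch, qual = m.groups()
    if qual is None or qual == "RELEASE":
        rank, num = _RANK["RELEASE"], 0
    elif qual == "BUILD-SNAPSHOT":
        rank, num = _RANK["BUILD-SNAPSHOT"], 0
    elif qual.startswith("RC"):
        rank, num = _RANK["RC"], int(qual[2:])
    else:  # milestone, e.g. M7
        rank, num = _RANK["M"], int(qual[1:])
    return Version(int(major), int(minor), int(patch), rank, num)


# (lower bound inclusive, upper bound, upper bound inclusive?)
# Fixed versions from the listing are exclusive upper bounds; CVE-2026-40973
# lists no fix, so its last listed vulnerable version is an inclusive bound.
# The 2.0.0.M1..M7 range for CVE-2018-1196 comes from the advisory text.
Range = Tuple[str, str, bool]
AFFECTED: Dict[str, List[Range]] = {
    "CVE-2018-1196": [("1.5.0.RELEASE", "1.5.10", False),
                      ("2.0.0.M1", "2.0.0.M7", True)],
    "CVE-2022-27772": [("1.0.0.RELEASE", "2.2.11.RELEASE", False)],
    "CVE-2025-22235": [("3.4.0", "3.4.5", False)],
    "CVE-2026-40973": [("1.0.0.RELEASE", "2.7.9", True)],
    "CVE-2026-40976": [("4.0.0", "4.0.6", False)],
}


def in_range(v: Version, r: Range) -> bool:
    lo, hi, hi_inclusive = r
    lo_v, hi_v = parse_version(lo), parse_version(hi)
    return lo_v <= v and (v <= hi_v if hi_inclusive else v < hi_v)


def affected_cves(version: str) -> List[str]:
    """CVE ids from the listing whose ranges contain `version`."""
    v = parse_version(version)
    return [cve for cve, ranges in AFFECTED.items()
            if any(in_range(v, r) for r in ranges)]


_PURL_PREFIX = "pkg:maven/org.springframework.boot/spring-boot@"


def version_from_purl(purl: str) -> Optional[str]:
    """Version from a CycloneDX/SPDX package URL for this exact artifact, or
    None for any other package (starters included). Qualifiers such as
    ?type=jar and any #subpath are dropped."""
    if not purl.startswith(_PURL_PREFIX):
        return None
    return purl[len(_PURL_PREFIX):].split("?", 1)[0].split("#", 1)[0]


if __name__ == "__main__":
    # Constructed SBOM component purls for the demo, not from a real scan.
    sbom_purls = [
        "pkg:maven/org.springframework.boot/spring-boot@2.2.10.RELEASE?type=jar",
        "pkg:maven/org.springframework.boot/spring-boot@2.0.0.M7",
        "pkg:maven/org.springframework.boot/spring-boot@3.4.4",
        "pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.4",
        "pkg:maven/org.springframework/spring-core@6.2.5",
    ]
    for purl in sbom_purls:
        ver = version_from_purl(purl)
        if ver is not None:
            print(f"{ver:20} {', '.join(affected_cves(ver)) or 'no listed CVE'}")
```

Run it against the purls from a `cyclonedx-maven-plugin` or `syft` SBOM; only the `org.springframework.boot:spring-boot` component is matched, so starters that merely depend on it are ignored and the transitive version must appear as its own component. Keep the upper bound semantics in mind when you transcribe further advisories: a listing's "last vulnerable version" and its "fixed in" version can disagree by a release, as the CVE-2022-27772 entry on this page shows.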
Check whether org.springframework.boot:spring-boot is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.boot:spring-boot CVEs against the assets you own.