Summary Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craf...
Summary In Apache Tomcat the form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. Products not listed in the Produc...
Summary Long exponents are permitted under the Diffie-Hellman Key Agreement Protocol, making some calculations needlessly expensive. When there are sufficient subgroup constraints, it is possible to u...
SamPirok
on:
Security Advisory: SA-2022-004 – Spring Framework
