CVE-2022-29567 - Understanding the Vaadin TreeGrid Vulnerability and How It Can Leak Your Server Data
Published: June 2023 CVE Details
Severity: Medium (CVSS 5.3)
The world of Java web apps is never free from surprises, especially if you use
CVE-2022-29599 - How a Tiny Bug in Maven's Commandline Exposed Projects to Shell Injection Attacks
Dependency management tools like Apache Maven are the bedrock of modern Java projects. But even these essential, widely-used tools can hide surprising vulnerabilities with big
CVE-2022-30551 Attackers can stop a server from processing messages by sending crafted messages that exhaust available resources.
This vulnerability is often exploited through the use of a SQL injection attack. As a result, a remote attacker can access or modify data, or
CVE-2022-25762 Web apps that use WebSockets on Tomcat 8.5.0 to 8.5.75 or Tomcat 9.0.0.M1 to 9.0.20 can send messages
There is no Tomcat configuration property that switches off the affected pooling; the fix is to upgrade to Apache Tomcat 8.5.76 or 9.0.21 (or later), the releases in which the double return of the pooled object to the pool was corrected.
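The hazard behind CVE-2022-25762 is a pooled object being handed back to the pool twice, after which two connections receive the same instance concurrently. The following is an added illustration, not code from this page or from the Tomcat code base: a hypothetical buffer pool (the `Pool`, `Buffer` and method names are assumptions for the example) with an unchecked release path beside one guarded by a compare-and-set flag so that a second release is ignored.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.atomic.AtomicBoolean;

// Hypothetical pool of reusable message buffers, modelled on the hazard
// CVE-2022-25762 describes (an object returned to the pool twice).
// Illustration only; this is not Tomcat's pool implementation.
public class DoubleReleaseDemo {

    static final class Buffer {
        final int id;
        final StringBuilder data = new StringBuilder();
        // Guard used by the hardened release path: only the first release wins.
        final AtomicBoolean released = new AtomicBoolean(false);
        Buffer(int id) { this.id = id; }
    }

    static final class Pool {
        private final Deque<Buffer> free = new ArrayDeque<>();
        private int nextId = 0;

        synchronized Buffer acquire() {
            Buffer b = free.pollFirst();
            if (b == null) b = new Buffer(nextId++);
            b.released.set(false);   // re-arm the guard for the new owner
            b.data.setLength(0);
            return b;
        }

        // Vulnerable: trusts every caller never to release the same buffer twice.
        synchronized void releaseUnchecked(Buffer b) {
            free.addFirst(b);
        }

        // Hardened: compareAndSet makes a second release a logged no-op.
        synchronized boolean releaseOnce(Buffer b) {
            if (!b.released.compareAndSet(false, true)) {
                System.err.println("ignored double release of buffer " + b.id);
                return false;
            }
            free.addFirst(b);
            return true;
        }
    }

    // Models the race: the close path and the error-handling path both
    // believe they own the buffer, so both release it.
    static String vulnerable() {
        Pool pool = new Pool();
        Buffer b = pool.acquire();
        pool.releaseUnchecked(b);      // normal close path
        pool.releaseUnchecked(b);      // error handler releases it again
        Buffer alice = pool.acquire(); // both callers now get buffer 0
        Buffer bob = pool.acquire();
        alice.data.append("alice's message");
        return "alice=" + alice.id + " bob=" + bob.id + " bobSees=" + bob.data;
    }

    static String hardened() {
        Pool pool = new Pool();
        Buffer b = pool.acquire();
        pool.releaseOnce(b);
        pool.releaseOnce(b);           // ignored
        Buffer alice = pool.acquire(); // buffer 0
        Buffer bob = pool.acquire();   // fresh buffer 1
        alice.data.append("alice's message");
        return "alice=" + alice.id + " bob=" + bob.id + " bobSees=" + bob.data;
    }

    public static void main(String[] args) {
        System.out.println("vulnerable: " + vulnerable());
        System.out.println("hardened:   " + hardened());
    }
}
```

In the unchecked variant `bob` sees data written by `alice`, which is the "data returned to the wrong user" outcome; the guarded release keeps the two connections on distinct buffers. A real fix also needs the close and error paths to agree on ownership rather than relying on the guard alone, but the guard turns a silent corruption into a logged event.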
CVE-2022-0866 - How a Concurrency Issue in JBoss and WildFly Can Return the Wrong Caller Principal – Exploit and Investigation
CVE-2022-0866 describes a subtle but impactful concurrency bug in JBoss EAP (7.1 and later) and WildFly (11+), specifically when Elytron security is enabled. This