View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005857 | SymmetricDS | Bug | public | 2023-05-23 12:32 | 2023-10-04 13:09 |
Reporter | elong | Assigned To | elong | ||
Priority | high | ||||
Status | closed | Resolution | fixed | ||
Product Version | 3.14.7 | ||||
Target Version | 3.15.0 | Fixed in Version | 3.15.0 | ||
Summary | 0005857: Security Vulnerability in Spring Framework and h2 database | ||||
Description | CVE-2023-20861: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Fix available: fixed in 5.3.26. CVE-2023-20860: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using '**' as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. Fix available: fixed in 5.3.26. h2 - CVE-2022-23221: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. Fixed in 2.0.206. | ||||
Tags | security | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2023-05-23 12:32 | elong | New Issue | |
2023-05-23 12:32 | elong | Status | new => assigned |
2023-05-23 12:32 | elong | Assigned To | => elong |
2023-05-23 12:32 | elong | Issue generated from: 0005848 | |
2023-05-23 12:32 | elong | Relationship added | related to 0005848 |
2023-05-23 12:35 | elong | Summary | Security Vulnerbility in Spring Framework, h2 and golang.org/x/text => Security Vulnerability in Spring Framework and h2 database |
2023-05-23 12:35 | elong | Description Updated | |
2023-05-23 12:41 | elong | Status | assigned => resolved |
2023-05-23 12:41 | elong | Resolution | open => fixed |
2023-05-23 12:41 | elong | Fixed in Version | => 3.15.0 |
2023-10-01 23:46 | admin | Status | resolved => closed |
2023-10-04 13:09 | elong | Tag Attached: security |