Homepage

org.springframework.boot:spring-boot-actuator-autoconfigure@3.3.10 vulnerabilities

  • latest version

    3.4.5

  • latest non vulnerable version

    3.4.5

  • first published

    7 years ago

  • latest version published

    7 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.boot:spring-boot-actuator-autoconfigure package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Input Validation

    Affected versions of this package are vulnerable to Improper Input Validation via the EndpointRequest.to() function that creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

    Note:

    This is only exploitable if all of the following conditions are met:

    1. EndpointRequest.to() has been used in a Spring Security chain configuration;

    2. The endpoint which EndpointRequest references is disabled or not exposed via web;

    3. Your application handles requests to /null and this path needs protection.

    How to fix Improper Input Validation?

    Upgrade org.springframework.boot:spring-boot-actuator-autoconfigure to version 3.3.11, 3.4.5 or higher.

    [2.7.0,3.3.11)[3.4.0,3.4.5)
    Go back to all versions of this package