Posted on March 30, 2022 in Software Frameworks, Libraries, and Components
Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.
Posted on February 08, 2022 in Services & System Applications
A request smuggling issue in SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher allows unauthenticated user impersonation. These systems are commonly Internet-facing. The flaw has been assigned a bug alert severity of 'critical', and the vendor has supplied patches.
Posted on December 09, 2021 in Software Frameworks, Libraries, and Components
A remote code execution vulnerability has been found in the popular Java logging library Log4j. This issue is easily exploited in common configurations, and has been assigned a bug alert severity of 'critical'.