Questions tagged [spring-framework]
The Spring Framework is an application development framework for Java.
42 questions
3 votes
1 answer
141 views
How is CVE-2021-22044 risky?
I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044 The description says: In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported ...
1 vote
0 answers
343 views
Am I exploitable to CVE-2023-20862?
I am trying to analyze whether I am exploitable to the new CVE in spring security. As per Spring they mention the following: Specifically, an application is vulnerable when any of the following is ...
1 vote
0 answers
155 views
Migrate OAuth 2.0 to OAuth 2.1
I have an old Spring Cloud Gateway working with a Keycloak server. I don't have a web UI for login because the project is a REST API. OAuth 2.0 is used with the password grant type. I want to migrate to OAuth ...
0 votes
1 answer
402 views
Impact of setting allowUrlEncodedPercent to true in StrictHttpFirewall
I need to implement a public REST API that manipulates usernames. So I have an endpoint that looks like GET http://.../api/users/<username> where username can contain special characters (slashes,...
7 votes
2 answers
3k views
Why does Spring Security unset and set the same Cookie in one Request?
In the CSRF implementation of Spring Security (https://github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategy.java#...
1 vote
0 answers
186 views
SPA Oauth2 and Backchannel (Client)
I am having problems defining the flow of an application that is supposed to be authenticated / authorized securely with an SPA frontend. Currently using an SPA with a Spring application server as a ...
1 vote
0 answers
445 views
OAuth 2.0 | How to manage a user session in a Single Page Application running in an iframe?
I'm new to the security domain, and recently I have learned about OAuth 2.0/OpenID Connect and JWT tokens. I have an existing REST-based web application where I need to implement security. Server ...
0 votes
2 answers
265 views
Can GET Requests with Spring Rest controllers be intercepted by attackers?
I'm building a Spring app and a React app which also contains chat functionality. I use WebSocket with RabbitMQ as the message broker. I store the chat history as messages encrypted with AES, and before ...