Security
Headlines

Headlines Latest CVEs

Headline

GHSA-r7qr-f43m-pxfr: Spring Session session ID can be logged to the standard output stream

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

1 year ago

#vulnerability #git

Spring Session session ID can be logged to the standard output stream

Moderate severity GitHub Reviewed Published Apr 13, 2023 to the GitHub Advisory Database • Updated Apr 17, 2023

Related news

CVE-2023-20866: CVE-2023-20866: Session ID can be logged to the standard output stream in Spring Session

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

1 year ago

ghsa: Latest News

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

12 hours ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

12 hours ago

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

12 hours ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

15 hours ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

16 hours ago