[Git][security-tracker-team/security-tracker][master] new libspring-security-2.0-java issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 10 11:59:47 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cb15bda by Moritz Muehlenhoff at 2026-06-10T12:59:20+02:00
new libspring-security-2.0-java issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -238,27 +238,33 @@ CVE-2026-41714 (Applications that configure their broker connection via RabbitCo
CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a Denial o ...)
NOT-FOR-US: VMware
CVE-2026-41706 (Spring Security's CookieRequestCache and CookieServerRequestCache stor ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41706
CVE-2026-41701 (Correlation IDs for replies in the RabbitTemplate.sendAndReceive() wit ...)
NOT-FOR-US: VMware
CVE-2026-41697 (Spring Data Relational does not properly escape binding values of exte ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with @Query tha ...)
NOT-FOR-US: VMware
CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial of servic ...)
NOT-FOR-US: VMware
CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as elements ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41694
CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint performs ...)
- TODO: check
+ - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+ NOTE: https://spring.io/security/cve-2026-41008
CVE-2026-41003 (An attacker able to influence values in RelyingPartyRegistration may b ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41003
CVE-2026-40993 (An attacker with write permissions to the database table managed by Jd ...)
- TODO: check
+ - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+ NOTE: https://spring.io/security/cve-2026-40993
CVE-2026-40991 (When using spring-restdocs-webtestclient or spring-restdocs-restassure ...)
NOT-FOR-US: VMware
CVE-2026-40988 (An application using spring-security-saml2-service-provider and the RE ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-40988
CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2026-34713 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
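Review bot: The four `<removed>` entries (CVE-2026-41706, CVE-2026-41694, CVE-2026-41003, CVE-2026-40988) record only the advisory URL, whereas the two `<not-affected>` entries state their reason inline ("Only affects 7.x"). Consider adding a second NOTE line to each `<removed>` entry giving the affected upstream version range or the fix commit from the linked advisory, so the status can be re-checked later without opening the advisory again. Separately, the CVE-2026-41697 change from "TODO: check" to "NOT-FOR-US: VMware" concerns Spring Data Relational rather than libspring-security-2.0-java; it matches the neighbouring Spring Data entries, but the commit subject does not cover it, so mention it in the message or split it into its own commit.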
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb15bdaddcdce99ea82829bb789b5dbe585a5a4