Blog Home
Spring Security - CVE-2023-34034

Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept
August 08, 2023

Spring Security’s newly released versions contain a fix for a broken access control vulnerability – CVE-2023-34034 – which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers. Given the severe potential impact of the vulnerability on Spring WebFlux applications (that use Spring Security for authentication and access control), its …

Read More
OpenSSH Pre-Auth Double Free CVE-2023-25136 Writeup and PoC

OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept
February 08, 2023

OpenSSH’s newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and its high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability. This blog post provides details on the vulnerability, who is affected, …

Read More

Popular Tags