Admins better Spring into action over latest critical open source vuln

October 29, 2024 at 10:42AM. A critical-severity vulnerability (CVE-2024-38821) has been disclosed in Spring WebFlux applications; it can allow a security-rule bypass when specific conditions are met. Spring rates it critical (CVSS 9.1), while others, such as IBM, assess it as moderate (7.4). Updated versions are available for the affected releases. …

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

January 22, 2024 at 12:06PM. MavenGate is a new software supply chain attack method that targets public and popular libraries used in Java and Android apps. The vulnerabilities allow hijacking of artifacts and injection of malicious code. Oversecured sent reports to tech companies. The attack involves purchasing domain names and exploiting abandoned libraries. Sonatype claims its automation prevents such attacks, but recommends end …