cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-31691,https://securityvulnerability.io/vulnerability/CVE-2022-31691,Remote Code Execution Vulnerability in Spring Tools and Extensions by VMware,"The vulnerability affects Spring Tools 4 for Eclipse and various extensions in VSCode that utilize the Snakeyaml library for YAML handling. Under specific conditions, this vulnerability permits attackers to execute arbitrary code remotely, posing a significant risk to users of these tools. Versions 4.16.0 and earlier of Spring Tools for Eclipse, along with specific versions of Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor, and Cloudfoundry Manifest YML Support, all exhibit this flaw, highlighting the need for immediate attention and action.",Vmware,Spring By Vmware,9.8,CRITICAL,0.0047900001518428326,false,,false,false,true,2022-11-17T13:09:03.000Z,true,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-31692,https://securityvulnerability.io/vulnerability/CVE-2022-31692,Authorization Bypass Vulnerability in Spring Security by VMware,"The vulnerability affects Spring Security when specific configurations are present in the application. If an application utilizes Spring Security's AuthorizationFilter, expecting it to enforce security on forward and include dispatcher types, and if these dispatcher types are applied to requests that target higher-privileged endpoints, the security implementation may be bypassed. Applications must ensure proper security configurations to mitigate the risk of unauthorized access due to this flaw. For more details, refer to the related advisories.",Vmware,Spring By Vmware,9.8,CRITICAL,0.0012400000123307109,false,,false,false,true,2023-10-29T17:31:23.000Z,true,false,false,,2022-10-31T00:00:00.000Z,0