WebSocket - API Security Blog

Spring Tips: Learn Spring for GraphQL (the last two episodes: parts 7 and 8)

Hi, Spring fans! In thi^^^ these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead [Rossen Stoyanchev (@rstoya05)]() - whose ...

24 июня, 2022

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...

23 июня, 2022

Allocation of Resources Without Limits or Throttling in Spring Framework

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...

23 июня, 2022

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...

23 июня, 2022

Overview of F5 vulnerabilities (May 2022)

On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 de ...

23 июня, 2022

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.Read More ...

23 июня, 2022

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.Read More ...

23 июня, 2022

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.Read More ...

23 июня, 2022