{"vulnerability": "cve-2021-2209", "sightings": [{"uuid": "4e86b587-0e82-4703-8c68-60aac1684972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22096", "type": "seen", "source": "https://t.me/arpsyndicate/3151", "content": "#ExploitObserverAlert\n\nCVE-2021-22060\n\nDESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-22060. In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.\n\nFIRST-EPSS: 0.000540000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T01:31:50.000000Z"}, {"uuid": "e097b236-4f90-462a-8946-c5d228f70f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22095", "type": "seen", "source": "https://t.me/cibsecurity/33142", "content": "\u203c CVE-2021-22095 \u203c\n\nIn Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. 
This can cause an OOM Error with a large message\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T22:34:53.000000Z"}, {"uuid": "86789671-a1e8-4053-9490-f91857f03923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22096", "type": "seen", "source": "https://t.me/cibsecurity/31401", "content": "\u203c CVE-2021-22096 \u203c\n\nIn Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T20:17:24.000000Z"}, {"uuid": "2979f2ad-a06c-41b8-86de-005f2cfc45d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22097", "type": "seen", "source": "https://t.me/cibsecurity/31398", "content": "\u203c CVE-2021-22097 \u203c\n\nIn Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T20:17:21.000000Z"}, {"uuid": "0ba4f1d4-5866-4e1c-a5b3-c943579aac48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22096", "type": "seen", "source": "https://t.me/arpsyndicate/3238", "content": "#ExploitObserverAlert\n\nCVE-2021-22096\n\nDESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2021-22096. 
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.\n\nFIRST-EPSS: 0.000790000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T06:45:41.000000Z"}, {"uuid": "3b541fce-ce3a-4533-9ae4-962dfb3a5056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22098", "type": "seen", "source": "https://t.me/cibsecurity/27191", "content": "\u203c CVE-2021-22098 \u203c\n\nUAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims\u2019 accounts in certain cases along with redirection of UAA users to a malicious sites.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T00:38:48.000000Z"}, {"uuid": "bb05d7bb-9539-447e-935e-06f070075a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22096", "type": "seen", "source": "https://t.me/VulnerabilityNews/26025", "content": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.\nPublished at: January 10, 2022 at 03:10PM\nView on website", "creation_timestamp": "2022-01-10T16:42:30.000000Z"}]}