Background: On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022. Wallarm SOC team already uses its exploitation in the wild. Vulnerability: This vulnerability affects Spring Data MongoDB applications using repository query methods that are annotated with @Query or @Aggregation and use parameterized SpEL statements. A…
We want to share this update regarding the critical Confluence 0-day vulnerability (CVE-2022-26134). On June 02, 2022 Atlassian released a…
Not only is RSAC back in person, but API security is coming to the forefront. Wallarm, the G2 leader in…
On May 10, 2022, and May 11, 2022, CVE-2022-1352, CVE-2021-1431, and CVE-2022-1545 were fixed and published on Gitlab-ORG public repository.…
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those…
On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component.…
Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly…
Quick update: There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell (very severe, exploited in the…
This is the largest vulnerability we have seen in years. You may still be vulnerable even if your project is…
Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers. Attempts…