In this project we searched for and studied some of the CVEs that affect open-source Java web applications based on the Spring Framework.
In particular, we focused on projects affected by injection vulnerabilities. We analysed these projects with two different static source code analysis tools and produced exploitation examples that can easily be reproduced by deploying the applications.
This repository contains 5 different projects affected by 6 different injection CVEs, each of which we thoroughly analysed and documented in a detailed report:
- CVE-2022-24815
- SpringBootMovie (CVE-2022-28588 and CVE-2022-29001)
- CVE-2021-42392
- CVE-2020-19704
- CVE-2018-17369