CRITICAL 9.8 CVE-2022-22965 ⚠ KEV: Remote Code Execution in Spring Framework
from 0
CRITICAL 9.8 CVE-2016-1000027: Pivotal Spring Framework contains unsafe Java deserialization methods
from 0, < 4.2.7-1
CRITICAL 9.8 Spring Framework allows applications to expose STOMP over WebSocket endpoints
from 0, < 4.3.19-1
CRITICAL 9.1 Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
from 0
HIGH 8.8 Improper Restriction of XML External Entity Reference in Spring Framework
from 0, < 3.0.6.RELEASE-14
HIGH 8.6 Files or Directories Accessible to External Parties in org.springframework:spring-core
from 0, < 4.1.9-1
HIGH 8.1 In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.supp…
from 0
HIGH 8.1 Spring Framework URL Parsing with Host Validation
from 0
HIGH 8.1 Spring Framework URL Parsing with Host Validation Vulnerability
from 0
HIGH 8.1 Spring Web vulnerable to Open Redirect or Server Side Request Forgery
from 0
HIGH 7.5 Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (…
from 0
HIGH 7.5 An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL).
from 0
HIGH 7.5 Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
from 0
HIGH 7.5 Spring Framework annotation detection mechanism may result in improper authorization
from 0
HIGH 7.5 Spring Framework Path Traversal vulnerability
from 0
HIGH 7.5 Path traversal vulnerability in functional web frameworks
from 0
HIGH 7.5 Spring Framework vulnerable to denial of service
from 0
HIGH 7.5 Denial of service in Spring Framework
from 0
HIGH 7.5 Improper handling of case sensitivity in Spring Framework
from 0
HIGH 7.5 Denial of Service in Spring Framework
from 0, < 4.3.21-1
HIGH 7.5 Spring Security and Spring Framework may not recognize certain paths that should be protected
from 0, < 4.3.2-1
HIGH 7.5 Possible privilege escalation in org.springframework:spring-core
from 0, < 4.3.19-1
HIGH 7.5 Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
from 0, < 4.3.5-1
HIGH 7.1 Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially…
from 0
MEDIUM 6.5 Spring Framework vulnerable to denial of service via specially crafted SpEL expression
from 0
MEDIUM 6.5 Allocation of Resources Without Limits or Throttling in Spring Framework
from 0
MEDIUM 6.5 Allocation of Resources Without Limits or Throttling in Spring Framework
from 0
MEDIUM 6.5 Improper Input Validation in Spring Framework
from 0, < 4.3.30-1
MEDIUM 6.5 Denial of Service in org.springframework:spring-core
from 0, < 4.3.19-1
MEDIUM 6.3 Signature forgery in Spring Boot's Loader
from 0
MEDIUM 5.9 Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arb…
from 0
MEDIUM 5.9 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.
from 0
MEDIUM 5.9 Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
from 0
MEDIUM 5.9 Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
from 0
MEDIUM 5.9 Spring Framework Improper Path Limitation with Script View Templates
from 0
MEDIUM 5.9 Spring Framework MVC Applications Path Traversal Vulnerability
from 0
MEDIUM 5.9 Moderate severity vulnerability that affects org.springframework:spring-core
from 0, < 4.3.19-1
MEDIUM 5.9 libspring-java - security update
from 0, < 4.3.5-1+deb9u1
MEDIUM 5.9 libspring-java - security update
from 0, < 4.3.19-1
MEDIUM 5.5 Pivotal Spring Framework DoS Attack with XML Input
from 0, < 4.1.9-1
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Spring Framework
from 0, < 3.0.6.RELEASE-11
MEDIUM 5.3 Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.
from 0
MEDIUM 5.3 Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack…
from 0
MEDIUM 5.3 Spring MVC controller vulnerable to a DoS attack
from 0
MEDIUM 5.3 Spring Framework DataBinder Case Sensitive Match Exception
from 0
MEDIUM 5.3 Spring Framework DoS via conditional HTTP request
from 0
MEDIUM 5.3 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
from 0, < 4.3.14-1
MEDIUM 4.8 Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
from 0
MEDIUM 4.8 IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in comb…
from 0
MEDIUM 4.3 Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
from 0
MEDIUM 4.3 Spring Framework vulnerable to Denial of Service
from 0
MEDIUM 4.3 Improper Output Neutralization for Logs in Spring Framework
from 0
MEDIUM 4.3 Log entry injection in Spring Framework
from 0
MEDIUM 4.2 A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an a…
from 0
MEDIUM 4.2 A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation…
from 0
LOW 3.7 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within res…
from 0
LOW 3.7 Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which i…
from 0
LOW 3.7 Spring LDAP data exposure vulnerability
from 0
LOW 3.1 Spring Framework DataBinder Case Sensitive Match Exception
from 0
LOW 2.6 Spring MVC and WebFlux has Server Sent Event stream corruption
from 0
NONE 0.0 Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
from 0
NONE 0.0 Spring Framework DoS with Multipart Temp Files in WebFlux
from 0
— Improper Neutralization of Input During Web Page Generation in Spring Framework
from 0, < 3.0.6.RELEASE-13
— libspring-java - security update
from 0, < 3.2.13-1
— libspring-java - security update
from 0, < 3.0.6.RELEASE-17+deb8u1
— libspring-java - several
from 0, < 3.0.6.RELEASE-6+deb7u2
— libspring-java - several
from 0, < 3.0.6.RELEASE-11
— Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
from 0, < 3.2.13-1
— libspring-java - security update
from 0, < 3.0.6.RELEASE-6+deb7u3
— libspring-java - security update
from 0, < 3.0.6.RELEASE-13
— libspring-java - several
from 0, < 3.0.6.RELEASE-6+deb7u1
— Missing XML Validation in Spring Framework
from 0, < 3.0.6.RELEASE-10
— libspring-java - several
from 0, < 3.0.6.RELEASE-10