CRITICAL 9.8 CVE-2016-1000027 Pivotal Spring Framework contains unsafe Java deserialization methods
from 0, < 6.0.0
HIGH 8.1 CVE-2024-22262 Spring Framework URL Parsing with Host Validation
from 0, < 5.3.34
HIGH 8.1 CVE-2024-22259 Spring Framework URL Parsing with Host Validation Vulnerability
>= 6.1.0, < 6.1.5
HIGH 8.1 Spring Web vulnerable to Open Redirect or Server Side Request Forgery
>= 6.1.0, < 6.1.4
HIGH 7.8 Improper Privilege Management in Spring Framework
>= 5.2.0, < 5.2.15
MEDIUM 6.5 Spring Framework vulnerable to a reflected file download (RFD)
>= 6.2.0, < 6.2.8
MEDIUM 5.9 libspring-java - security update
>= 5.0.0, < 5.0.7
MEDIUM 5.5 Pivotal Spring Framework DoS Attack with XML Input
from 0, < 3.2.14
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Spring Framework
from 0, < 3.2.2.RELEASE
MEDIUM 5.3 Spring Framework DataBinder Case Sensitive Match Exception
>= 6.1.0, < 6.1.14
MEDIUM 5.3 Spring Framework DoS via conditional HTTP request
from 0, < 5.3.38
— libspring-java - several
from 0, < 3.2.5.RELEASE