CRITICAL 9.8 CVE-2022-22965 ⚠ KEV Remote Code Execution in Spring Framework
from 0, < 5.2.20.RELEASE
CRITICAL 9.1 CVE-2023-20860 Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
>= 6.0.0, < 6.0.7
HIGH 8.8 Improper Restriction of XML External Entity Reference in Spring Framework
>= 4.0.0, < 4.0.5
HIGH 7.5 Spring Framework Path Traversal vulnerability
>= 6.1.0, < 6.1.14
HIGH 7.5 Path traversal vulnerability in functional web frameworks
>= 6.1.0, < 6.1.13
HIGH 7.5 Spring Framework vulnerable to denial of service
>= 6.0.0, < 6.0.14
HIGH 7.5 RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
>= 5.2.0.RELEASE, < 5.2.3.RELEASE
HIGH 7.5 Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
from 0, < 3.2.18
MEDIUM 5.9 Spring Framework Improper Path Limitation with Script View Templates
>= 7.0.0-M1, < 7.0.6
MEDIUM 5.9 Spring Framework MVC Applications Path Traversal Vulnerability
>= 6.2.0, < 6.2.10
MEDIUM 5.3 Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
>= 7.0.0, < 7.0.7
MEDIUM 5.3 Spring MVC controller vulnerable to a DoS attack
>= 5.3.0, < 5.3.42
MEDIUM 5.3 CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
>= 5.2.0, < 5.2.3
LOW 2.6 Spring MVC and WebFlux has Server Sent Event stream corruption
>= 7.0.0-M1, < 7.0.6
NONE 0.0 Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
>= 7.0.0, < 7.0.7
— Improper Neutralization of Input During Web Page Generation in Spring Framework
>= 3.0.0, < 3.2.8.RELEASE
— Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
>= 3.0.4, < 3.2.12
— libspring-java - security update
from 0, < 3.2.8