pkg:maven/org.springframework/spring
Type
maven
Namespace
org.springframework
Name
spring
Known advisories, vulnerabilities and fixes for org.springframework/spring package.
Critical
1
Moderate
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 5.3.0, < 5.3.26 >= 6.0.0, < 6.0.7 |
CVE-2023-20860
|
MAVEN:GHSA-7PHW-CXX7-Q9VQ | Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch | critical |
2023-03-28T00:34:28
(17 months ago) |
|
Fixed | = 5.3.26 = 6.0.7 |
CVE-2023-20860
|
MAVEN:GHSA-7PHW-CXX7-Q9VQ | Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch | critical |
2023-03-28T00:34:28
(17 months ago) |
|
Affected | >= 5.3.0, <= 5.3.10 |
CVE-2021-22096
|
MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate |
2022-05-24T19:19:04
(2 years ago) |
|
Fixed | = 5.3.11 |
CVE-2021-22096
|
MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate |
2022-05-24T19:19:04
(2 years ago) |
|
Affected | >= 3.0.0, <= 3.0.2 >= 2.5.0, <= 2.5.6 |
CVE-2010-1622
|
MAVEN:GHSA-VPR3-F594-MG5G | Improper Control of Generation of Code ('Code Injection') in Spring Framework | moderate |
2022-05-17T03:28:34
(2 years ago) |
|
Fixed | = 3.0.3 = 2.5.7 |
CVE-2010-1622
|
MAVEN:GHSA-VPR3-F594-MG5G | Improper Control of Generation of Code ('Code Injection') in Spring Framework | moderate |
2022-05-17T03:28:34
(2 years ago) |