pkg:maven/org.springframework/spring-core

Type maven
Namespace org.springframework
Name spring-core

Known advisories, vulnerabilities and fixes for org.springframework/spring-core package.

Repository
https://mvnrepository.com/artifact/org.springframework/spring-core
Critical 2
High 10
Moderate 12
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 5.0.0, < 5.0.5; < 4.3.16 | maven | CVE-2018-1275 | MAVEN:GHSA-3RMV-2PG5-XVQJ | Improperly Implemented Security Check for Standard in org.springframework:spring-core | critical | 2018-10-17T20:28:00 (6 years ago) |
| Fixed | = 5.0.5; = 4.3.16 | maven | CVE-2018-1275 | MAVEN:GHSA-3RMV-2PG5-XVQJ | Improperly Implemented Security Check for Standard in org.springframework:spring-core | critical | 2018-10-17T20:28:00 (6 years ago) |
| Affected | >= 5.0.0, < 5.0.5; < 4.3.15 | maven | CVE-2018-1272 | MAVEN:GHSA-4487-X383-QPPH | Possible privilege escalation in org.springframework:spring-core | high | 2018-10-17T20:27:47 (6 years ago) |
| Fixed | = 5.0.5; = 4.3.15 | maven | CVE-2018-1272 | MAVEN:GHSA-4487-X383-QPPH | Possible privilege escalation in org.springframework:spring-core | high | 2018-10-17T20:27:47 (6 years ago) |
| Affected | >= 4.1.0, < 4.1.5 | maven | CVE-2015-0201 | MAVEN:GHSA-45VG-2V73-VM62 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-17T20:28:20 (6 years ago) |
| Fixed | = 4.1.5 | maven | CVE-2015-0201 | MAVEN:GHSA-45VG-2V73-VM62 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-17T20:28:20 (6 years ago) |
| Affected | < 5.2.23.RELEASE; >= 5.3.0, < 5.3.26; >= 6.0.0, < 6.0.7 | maven | CVE-2023-20861 | MAVEN:GHSA-564R-HJ7V-MCR5 | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | moderate | 2023-03-23T21:30:19 (18 months ago) |
| Fixed | = 5.2.23.RELEASE; = 5.3.26; = 6.0.7 | maven | CVE-2023-20861 | MAVEN:GHSA-564R-HJ7V-MCR5 | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | moderate | 2023-03-23T21:30:19 (18 months ago) |
| Affected | >= 5.2.0, < 5.2.19; >= 5.3.0, < 5.3.14 | maven | CVE-2021-22060 | MAVEN:GHSA-6GF2-PVQW-37PH | Log entry injection in Spring Framework | moderate | 2022-01-12T23:04:06 (2 years ago) |
| Fixed | = 5.2.19; = 5.3.14 | maven | CVE-2021-22060 | MAVEN:GHSA-6GF2-PVQW-37PH | Log entry injection in Spring Framework | moderate | 2022-01-12T23:04:06 (2 years ago) |
| Affected | < 4.3.1 | maven | CVE-2016-5007 | MAVEN:GHSA-8CRV-49FR-2H6J | Spring Security and Spring Framework may not recognize certain paths that should be protected | high | 2018-10-17T20:30:12 (6 years ago) |
| Fixed | = 4.3.1 | maven | CVE-2016-5007 | MAVEN:GHSA-8CRV-49FR-2H6J | Spring Security and Spring Framework may not recognize certain paths that should be protected | high | 2018-10-17T20:30:12 (6 years ago) |
| Affected | = 5.0.5.RELEASE | maven | CVE-2018-1258 | MAVEN:GHSA-CXRJ-66C5-9FMH | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | high | 2018-10-17T20:05:49 (6 years ago) |
| Fixed | = 5.0.6.RELEASE | maven | CVE-2018-1258 | MAVEN:GHSA-CXRJ-66C5-9FMH | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | high | 2018-10-17T20:05:49 (6 years ago) |
| Affected | >= 4.3.0, < 4.3.18; >= 5.0.0, < 5.0.7 | maven | CVE-2018-11040 | MAVEN:GHSA-F26X-PR96-VW86 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-16T17:43:45 (6 years ago) |
| Fixed | = 4.3.18; = 5.0.7 | maven | CVE-2018-11040 | MAVEN:GHSA-F26X-PR96-VW86 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-16T17:43:45 (6 years ago) |
| Affected | >= 3.0.0, < 3.0.6 | maven | CVE-2011-2894 | MAVEN:GHSA-F866-M9MV-2XR3 | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | moderate | 2022-05-14T02:54:56 (2 years ago) |
| Fixed | = 3.0.6 | maven | CVE-2011-2894 | MAVEN:GHSA-F866-M9MV-2XR3 | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | moderate | 2022-05-14T02:54:56 (2 years ago) |
| Affected | < 4.3.20; >= 5.0, < 5.0.10; >= 5.1, < 5.1.1 | maven | CVE-2018-15756 | MAVEN:GHSA-FFVQ-7W96-97P7 | Denial of Service in Spring Framework | high | 2020-06-15T19:34:50 (4 years ago) |
| Fixed | = 4.3.20; = 5.0.10; = 5.1.1 | maven | CVE-2018-15756 | MAVEN:GHSA-FFVQ-7W96-97P7 | Denial of Service in Spring Framework | high | 2020-06-15T19:34:50 (4 years ago) |
| Affected | < 5.2.21; >= 5.3.0, < 5.3.19 | maven | CVE-2022-22968 | MAVEN:GHSA-G5MM-VMX4-3RG7 | Improper handling of case sensitivity in Spring Framework | high | 2022-04-15T00:00:32 (2 years ago) |
| Fixed | = 5.2.21; = 5.3.19 | maven | CVE-2022-22968 | MAVEN:GHSA-G5MM-VMX4-3RG7 | Improper handling of case sensitivity in Spring Framework | high | 2022-04-15T00:00:32 (2 years ago) |
| Affected | < 4.3.15; >= 5.0.0, < 5.0.5 | maven | CVE-2018-1271 | MAVEN:GHSA-G8HW-794C-4J9G | Path Traversal in org.springframework:spring-core | moderate | 2018-10-17T20:07:03 (6 years ago) |
| Fixed | = 4.3.15; = 5.0.5 | maven | CVE-2018-1271 | MAVEN:GHSA-G8HW-794C-4J9G | Path Traversal in org.springframework:spring-core | moderate | 2018-10-17T20:07:03 (6 years ago) |
| Affected | >= 5.3.0, < 5.3.20; <= 5.2.21.RELEASE | maven | CVE-2022-22970 | MAVEN:GHSA-HH26-6XWR-GGV7 | Denial of service in Spring Framework | high | 2022-05-13T00:00:28 (2 years ago) |
| Fixed | = 5.3.20; = 5.2.22.RELEASE | maven | CVE-2022-22970 | MAVEN:GHSA-HH26-6XWR-GGV7 | Denial of service in Spring Framework | high | 2022-05-13T00:00:28 (2 years ago) |
| Affected | < 4.3.16; >= 5.0.0, < 5.0.5 | maven | CVE-2018-1270 | MAVEN:GHSA-P5HG-3XM3-GCJG | Spring Framework allows applications to expose STOMP over WebSocket endpoints | critical | 2018-10-17T20:05:59 (6 years ago) |
| Fixed | = 4.3.16; = 5.0.5 | maven | CVE-2018-1270 | MAVEN:GHSA-P5HG-3XM3-GCJG | Spring Framework allows applications to expose STOMP over WebSocket endpoints | critical | 2018-10-17T20:05:59 (6 years ago) |
| Affected | < 3.2.15; >= 4.2.0, < 4.2.2; >= 4.0.0, < 4.1.8 | maven | CVE-2015-5211 | MAVEN:GHSA-PGF9-H69P-PCGF | Files or Directories Accessible to External Parties in org.springframework:spring-core | high | 2018-10-17T20:29:33 (6 years ago) |
| Fixed | = 3.2.15; = 4.2.2; = 4.1.8 | maven | CVE-2015-5211 | MAVEN:GHSA-PGF9-H69P-PCGF | Files or Directories Accessible to External Parties in org.springframework:spring-core | high | 2018-10-17T20:29:33 (6 years ago) |
| Affected | < 6.0.15; >= 6.1.0, < 6.1.2 | maven | CVE-2024-22233 | MAVEN:GHSA-R4Q3-7G4Q-X89M | Spring Framework server Web DoS Vulnerability | high | 2024-01-22T15:30:23 (7 months ago) |
| Fixed | = 6.0.15; = 6.1.2 | maven | CVE-2024-22233 | MAVEN:GHSA-R4Q3-7G4Q-X89M | Spring Framework server Web DoS Vulnerability | high | 2024-01-22T15:30:23 (7 months ago) |
| Affected | < 4.3.17; >= 5.0.0, < 5.0.6 | maven | CVE-2018-1257 | MAVEN:GHSA-RCPF-VJ53-7H2M | Denial of Service in org.springframework:spring-core | moderate | 2018-10-17T20:02:20 (6 years ago) |
| Fixed | = 4.3.17; = 5.0.6 | maven | CVE-2018-1257 | MAVEN:GHSA-RCPF-VJ53-7H2M | Denial of Service in org.springframework:spring-core | moderate | 2018-10-17T20:02:20 (6 years ago) |
| Affected | >= 5.2.0, <= 5.2.17; >= 5.3.0, <= 5.3.10 | maven | CVE-2021-22096 | MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate | 2022-05-24T19:19:04 (2 years ago) |
| Fixed | = 5.2.18; = 5.3.11 | maven | CVE-2021-22096 | MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate | 2022-05-24T19:19:04 (2 years ago) |
| Affected | >= 4.0.0, < 4.0.5; >= 3.0.0, < 3.2.9 | maven | CVE-2014-3578 | MAVEN:GHSA-RHCG-RWHX-QJ3J | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-14T00:56:29 (2 years ago) |
| Fixed | = 4.0.5; = 3.2.9 | maven | CVE-2014-3578 | MAVEN:GHSA-RHCG-RWHX-QJ3J | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-14T00:56:29 (2 years ago) |
| Affected | <= 5.2.21.RELEASE; >= 5.3.0, < 5.3.20 | maven | CVE-2022-22971 | MAVEN:GHSA-RQPH-VQWM-22VC | Allocation of Resources Without Limits or Throttling in Spring Framework | moderate | 2022-05-13T00:00:29 (2 years ago) |
| Fixed | = 5.2.22.RELEASE; = 5.3.20 | maven | CVE-2022-22971 | MAVEN:GHSA-RQPH-VQWM-22VC | Allocation of Resources Without Limits or Throttling in Spring Framework | moderate | 2022-05-13T00:00:29 (2 years ago) |
| Affected | >= 5.0.0, < 5.0.3; >= 4.3.0, < 4.3.14 | maven | CVE-2018-1199 | MAVEN:GHSA-V596-FWHQ-8X48 | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core | moderate | 2018-10-17T20:01:54 (6 years ago) |
| Fixed | = 5.0.3; = 4.3.14 | maven | CVE-2018-1199 | MAVEN:GHSA-V596-FWHQ-8X48 | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core | moderate | 2018-10-17T20:01:54 (6 years ago) |
| Affected | >= 1.1.0, <= 2.5.6 | maven | CVE-2009-1190 | MAVEN:GHSA-WJJR-H4WH-W6VV | Spring Framework Inefficient Regular Expression Complexity | moderate | 2022-05-02T03:22:35 (2 years ago) |
| Fixed | = 3.0.0.RELEASE | maven | CVE-2009-1190 | MAVEN:GHSA-WJJR-H4WH-W6VV | Spring Framework Inefficient Regular Expression Complexity | moderate | 2022-05-02T03:22:35 (2 years ago) |
| Affected | >= 2.5.7.SR0, <= 2.5.7.SR022; <= 2.5.6.SEC02; >= 3.0.0, < 3.0.6 | maven | CVE-2011-2730 | MAVEN:GHSA-WV88-PF73-X22P | Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework | high | 2022-05-17T02:16:01 (2 years ago) |
| Fixed | = 2.5.7.SR023; = 2.5.6.SEC03; = 3.0.6 | maven | CVE-2011-2730 | MAVEN:GHSA-WV88-PF73-X22P | Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework | high | 2022-05-17T02:16:01 (2 years ago) |
| Affected | < 5.2.24.RELEASE; >= 5.3.0, < 5.3.27; >= 6.0.0, < 6.0.8 | maven | CVE-2023-20863 | MAVEN:GHSA-WXQC-PXW9-G2P8 | Spring Framework vulnerable to denial of service | high | 2023-04-13T21:30:27 (17 months ago) |
| Fixed | = 5.2.24.RELEASE; = 5.3.27; = 6.0.8 | maven | CVE-2023-20863 | MAVEN:GHSA-WXQC-PXW9-G2P8 | Spring Framework vulnerable to denial of service | high | 2023-04-13T21:30:27 (17 months ago) |