pkg:maven/org.springframework/spring-core
Type: maven
Namespace: org.springframework
Name: spring-core
Known advisories, vulnerabilities and fixes for org.springframework/spring-core package.
Critical: 2
High: 10
Moderate: 12
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 5.0.0, < 5.0.5; < 4.3.16 | | CVE-2018-1275 | MAVEN:GHSA-3RMV-2PG5-XVQJ | Improperly Implemented Security Check for Standard in org.springframework:spring-core | critical | 2018-10-17T20:28:00 (6 years ago) |
Fixed | = 5.0.5; = 4.3.16 | | CVE-2018-1275 | MAVEN:GHSA-3RMV-2PG5-XVQJ | Improperly Implemented Security Check for Standard in org.springframework:spring-core | critical | 2018-10-17T20:28:00 (6 years ago) |
Affected | >= 5.0.0, < 5.0.5; < 4.3.15 | | CVE-2018-1272 | MAVEN:GHSA-4487-X383-QPPH | Possible privilege escalation in org.springframework:spring-core | high | 2018-10-17T20:27:47 (6 years ago) |
Fixed | = 5.0.5; = 4.3.15 | | CVE-2018-1272 | MAVEN:GHSA-4487-X383-QPPH | Possible privilege escalation in org.springframework:spring-core | high | 2018-10-17T20:27:47 (6 years ago) |
Affected | >= 4.1.0, < 4.1.5 | | CVE-2015-0201 | MAVEN:GHSA-45VG-2V73-VM62 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-17T20:28:20 (6 years ago) |
Fixed | = 4.1.5 | | CVE-2015-0201 | MAVEN:GHSA-45VG-2V73-VM62 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-17T20:28:20 (6 years ago) |
Affected | < 5.2.23.RELEASE; >= 5.3.0, < 5.3.26; >= 6.0.0, < 6.0.7 | | CVE-2023-20861 | MAVEN:GHSA-564R-HJ7V-MCR5 | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | moderate | 2023-03-23T21:30:19 (18 months ago) |
Fixed | = 5.2.23.RELEASE; = 5.3.26; = 6.0.7 | | CVE-2023-20861 | MAVEN:GHSA-564R-HJ7V-MCR5 | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | moderate | 2023-03-23T21:30:19 (18 months ago) |
Affected | >= 5.2.0, < 5.2.19; >= 5.3.0, < 5.3.14 | | CVE-2021-22060 | MAVEN:GHSA-6GF2-PVQW-37PH | Log entry injection in Spring Framework | moderate | 2022-01-12T23:04:06 (2 years ago) |
Fixed | = 5.2.19; = 5.3.14 | | CVE-2021-22060 | MAVEN:GHSA-6GF2-PVQW-37PH | Log entry injection in Spring Framework | moderate | 2022-01-12T23:04:06 (2 years ago) |
Affected | < 4.3.1 | | CVE-2016-5007 | MAVEN:GHSA-8CRV-49FR-2H6J | Spring Security and Spring Framework may not recognize certain paths that should be protected | high | 2018-10-17T20:30:12 (6 years ago) |
Fixed | = 4.3.1 | | CVE-2016-5007 | MAVEN:GHSA-8CRV-49FR-2H6J | Spring Security and Spring Framework may not recognize certain paths that should be protected | high | 2018-10-17T20:30:12 (6 years ago) |
Affected | = 5.0.5.RELEASE | | CVE-2018-1258 | MAVEN:GHSA-CXRJ-66C5-9FMH | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | high | 2018-10-17T20:05:49 (6 years ago) |
Fixed | = 5.0.6.RELEASE | | CVE-2018-1258 | MAVEN:GHSA-CXRJ-66C5-9FMH | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | high | 2018-10-17T20:05:49 (6 years ago) |
Affected | >= 4.3.0, < 4.3.18; >= 5.0.0, < 5.0.7 | | CVE-2018-11040 | MAVEN:GHSA-F26X-PR96-VW86 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-16T17:43:45 (6 years ago) |
Fixed | = 4.3.18; = 5.0.7 | | CVE-2018-11040 | MAVEN:GHSA-F26X-PR96-VW86 | Moderate severity vulnerability that affects org.springframework:spring-core | moderate | 2018-10-16T17:43:45 (6 years ago) |
Affected | >= 3.0.0, < 3.0.6 | | CVE-2011-2894 | MAVEN:GHSA-F866-M9MV-2XR3 | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | moderate | 2022-05-14T02:54:56 (2 years ago) |
Fixed | = 3.0.6 | | CVE-2011-2894 | MAVEN:GHSA-F866-M9MV-2XR3 | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | moderate | 2022-05-14T02:54:56 (2 years ago) |
Affected | < 4.3.20; >= 5.0, < 5.0.10; >= 5.1, < 5.1.1 | | CVE-2018-15756 | MAVEN:GHSA-FFVQ-7W96-97P7 | Denial of Service in Spring Framework | high | 2020-06-15T19:34:50 (4 years ago) |
Fixed | = 4.3.20; = 5.0.10; = 5.1.1 | | CVE-2018-15756 | MAVEN:GHSA-FFVQ-7W96-97P7 | Denial of Service in Spring Framework | high | 2020-06-15T19:34:50 (4 years ago) |
Affected | < 5.2.21; >= 5.3.0, < 5.3.19 | | CVE-2022-22968 | MAVEN:GHSA-G5MM-VMX4-3RG7 | Improper handling of case sensitivity in Spring Framework | high | 2022-04-15T00:00:32 (2 years ago) |
Fixed | = 5.2.21; = 5.3.19 | | CVE-2022-22968 | MAVEN:GHSA-G5MM-VMX4-3RG7 | Improper handling of case sensitivity in Spring Framework | high | 2022-04-15T00:00:32 (2 years ago) |
Affected | < 4.3.15; >= 5.0.0, < 5.0.5 | | CVE-2018-1271 | MAVEN:GHSA-G8HW-794C-4J9G | Path Traversal in org.springframework:spring-core | moderate | 2018-10-17T20:07:03 (6 years ago) |
Fixed | = 4.3.15; = 5.0.5 | | CVE-2018-1271 | MAVEN:GHSA-G8HW-794C-4J9G | Path Traversal in org.springframework:spring-core | moderate | 2018-10-17T20:07:03 (6 years ago) |
Affected | >= 5.3.0, < 5.3.20; <= 5.2.21.RELEASE | | CVE-2022-22970 | MAVEN:GHSA-HH26-6XWR-GGV7 | Denial of service in Spring Framework | high | 2022-05-13T00:00:28 (2 years ago) |
Fixed | = 5.3.20; = 5.2.22.RELEASE | | CVE-2022-22970 | MAVEN:GHSA-HH26-6XWR-GGV7 | Denial of service in Spring Framework | high | 2022-05-13T00:00:28 (2 years ago) |
Affected | < 4.3.16; >= 5.0.0, < 5.0.5 | | CVE-2018-1270 | MAVEN:GHSA-P5HG-3XM3-GCJG | Spring Framework allows applications to expose STOMP over WebSocket endpoints | critical | 2018-10-17T20:05:59 (6 years ago) |
Fixed | = 4.3.16; = 5.0.5 | | CVE-2018-1270 | MAVEN:GHSA-P5HG-3XM3-GCJG | Spring Framework allows applications to expose STOMP over WebSocket endpoints | critical | 2018-10-17T20:05:59 (6 years ago) |
Affected | < 3.2.15; >= 4.2.0, < 4.2.2; >= 4.0.0, < 4.1.8 | | CVE-2015-5211 | MAVEN:GHSA-PGF9-H69P-PCGF | Files or Directories Accessible to External Parties in org.springframework:spring-core | high | 2018-10-17T20:29:33 (6 years ago) |
Fixed | = 3.2.15; = 4.2.2; = 4.1.8 | | CVE-2015-5211 | MAVEN:GHSA-PGF9-H69P-PCGF | Files or Directories Accessible to External Parties in org.springframework:spring-core | high | 2018-10-17T20:29:33 (6 years ago) |
Affected | < 6.0.15; >= 6.1.0, < 6.1.2 | | CVE-2024-22233 | MAVEN:GHSA-R4Q3-7G4Q-X89M | Spring Framework server Web DoS Vulnerability | high | 2024-01-22T15:30:23 (7 months ago) |
Fixed | = 6.0.15; = 6.1.2 | | CVE-2024-22233 | MAVEN:GHSA-R4Q3-7G4Q-X89M | Spring Framework server Web DoS Vulnerability | high | 2024-01-22T15:30:23 (7 months ago) |
Affected | < 4.3.17; >= 5.0.0, < 5.0.6 | | CVE-2018-1257 | MAVEN:GHSA-RCPF-VJ53-7H2M | Denial of Service in org.springframework:spring-core | moderate | 2018-10-17T20:02:20 (6 years ago) |
Fixed | = 4.3.17; = 5.0.6 | | CVE-2018-1257 | MAVEN:GHSA-RCPF-VJ53-7H2M | Denial of Service in org.springframework:spring-core | moderate | 2018-10-17T20:02:20 (6 years ago) |
Affected | >= 5.2.0, <= 5.2.17; >= 5.3.0, <= 5.3.10 | | CVE-2021-22096 | MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate | 2022-05-24T19:19:04 (2 years ago) |
Fixed | = 5.2.18; = 5.3.11 | | CVE-2021-22096 | MAVEN:GHSA-RFMP-97JJ-H8M6 | Improper Output Neutralization for Logs in Spring Framework | moderate | 2022-05-24T19:19:04 (2 years ago) |
Affected | >= 4.0.0, < 4.0.5; >= 3.0.0, < 3.2.9 | | CVE-2014-3578 | MAVEN:GHSA-RHCG-RWHX-QJ3J | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-14T00:56:29 (2 years ago) |
Fixed | = 4.0.5; = 3.2.9 | | CVE-2014-3578 | MAVEN:GHSA-RHCG-RWHX-QJ3J | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-14T00:56:29 (2 years ago) |
Affected | <= 5.2.21.RELEASE; >= 5.3.0, < 5.3.20 | | CVE-2022-22971 | MAVEN:GHSA-RQPH-VQWM-22VC | Allocation of Resources Without Limits or Throttling in Spring Framework | moderate | 2022-05-13T00:00:29 (2 years ago) |
Fixed | = 5.2.22.RELEASE; = 5.3.20 | | CVE-2022-22971 | MAVEN:GHSA-RQPH-VQWM-22VC | Allocation of Resources Without Limits or Throttling in Spring Framework | moderate | 2022-05-13T00:00:29 (2 years ago) |
Affected | >= 5.0.0, < 5.0.3; >= 4.3.0, < 4.3.14 | | CVE-2018-1199 | MAVEN:GHSA-V596-FWHQ-8X48 | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core | moderate | 2018-10-17T20:01:54 (6 years ago) |
Fixed | = 5.0.3; = 4.3.14 | | CVE-2018-1199 | MAVEN:GHSA-V596-FWHQ-8X48 | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core | moderate | 2018-10-17T20:01:54 (6 years ago) |
Affected | >= 1.1.0, <= 2.5.6 | | CVE-2009-1190 | MAVEN:GHSA-WJJR-H4WH-W6VV | Spring Framework Inefficient Regular Expression Complexity | moderate | 2022-05-02T03:22:35 (2 years ago) |
Fixed | = 3.0.0.RELEASE | | CVE-2009-1190 | MAVEN:GHSA-WJJR-H4WH-W6VV | Spring Framework Inefficient Regular Expression Complexity | moderate | 2022-05-02T03:22:35 (2 years ago) |
Affected | >= 2.5.7.SR0, <= 2.5.7.SR022; <= 2.5.6.SEC02; >= 3.0.0, < 3.0.6 | | CVE-2011-2730 | MAVEN:GHSA-WV88-PF73-X22P | Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework | high | 2022-05-17T02:16:01 (2 years ago) |
Fixed | = 2.5.7.SR023; = 2.5.6.SEC03; = 3.0.6 | | CVE-2011-2730 | MAVEN:GHSA-WV88-PF73-X22P | Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework | high | 2022-05-17T02:16:01 (2 years ago) |
Affected | < 5.2.24.RELEASE; >= 5.3.0, < 5.3.27; >= 6.0.0, < 6.0.8 | | CVE-2023-20863 | MAVEN:GHSA-WXQC-PXW9-G2P8 | Spring Framework vulnerable to denial of service | high | 2023-04-13T21:30:27 (17 months ago) |
Fixed | = 5.2.24.RELEASE; = 5.3.27; = 6.0.8 | | CVE-2023-20863 | MAVEN:GHSA-WXQC-PXW9-G2P8 | Spring Framework vulnerable to denial of service | high | 2023-04-13T21:30:27 (17 months ago) |