pkg:maven/org.springframework/spring-web
Type
maven
Namespace
org.springframework
Name
spring-web
Known advisories, vulnerabilities and fixes for org.springframework/spring-web package.
Critical
1
High
4
Moderate
4
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 6.1.0, < 6.1.6 >= 6.0.0, < 6.0.19 < 5.3.34 |
CVE-2024-22262
|
 MAVEN:GHSA-2WRP-6FG6-HMC5
|
Spring Framework URL Parsing with Host Validation | high |
2024-04-16T06:30:28
(5 months ago) |
|
| Fixed | = 6.1.6 = 6.0.19 = 5.3.34 |
CVE-2024-22262
|
MAVEN:GHSA-2WRP-6FG6-HMC5
|
Spring Framework URL Parsing with Host Validation | high |
2024-04-16T06:30:28
(5 months ago) |
|
| Affected | < 6.0.0 |
CVE-2016-1000027
|
MAVEN:GHSA-4WRC-F8PQ-FPQP
|
Pivotal Spring Framework contains unsafe Java deserialization methods | critical |
2022-05-24T17:05:30
(2 years ago) |
|
| Fixed | = 6.0.0 |
CVE-2016-1000027
|
MAVEN:GHSA-4WRC-F8PQ-FPQP
|
Pivotal Spring Framework contains unsafe Java deserialization methods | critical |
2022-05-24T17:05:30
(2 years ago) |
|
| Affected | = 5.0.0.RC2 >= 4.0.0, < 4.1.7 < 3.2.14 |
CVE-2015-3192
|
MAVEN:GHSA-6V7W-535J-RQ5M
|
Pivotal Spring Framework DoS Attack with XML Input | moderate |
2018-10-17T20:29:12
(6 years ago) |
|
| Fixed | = 5.0.0.RC3 = 4.1.7 = 3.2.14 |
CVE-2015-3192
|
MAVEN:GHSA-6V7W-535J-RQ5M
|
Pivotal Spring Framework DoS Attack with XML Input | moderate |
2018-10-17T20:29:12
(6 years ago) |
|
| Affected | >= 4.3.0, < 4.3.18 >= 5.0.0, < 5.0.7 |
CVE-2018-11039
|
MAVEN:GHSA-9GCM-F4X3-8JPW
|
Spring Framework Cross Site Tracing (XST) | moderate |
2018-10-16T17:35:54
(6 years ago) |
|
| Fixed | = 4.3.18 = 5.0.7 |
CVE-2018-11039
|
MAVEN:GHSA-9GCM-F4X3-8JPW
|
Spring Framework Cross Site Tracing (XST) | moderate |
2018-10-16T17:35:54
(6 years ago) |
|
| Affected | >= 5.3.0, < 5.3.32 >= 6.0.0, < 6.0.17 >= 6.1.0, < 6.1.4 |
CVE-2024-22243
|
MAVEN:GHSA-CCGV-VJ62-XF9H
|
Spring Web vulnerable to Open Redirect or Server Side Request Forgery | high |
2024-02-23T06:30:31
(6 months ago) |
|
| Fixed | = 5.3.32 = 6.0.17 = 6.1.4 |
CVE-2024-22243
|
MAVEN:GHSA-CCGV-VJ62-XF9H
|
Spring Web vulnerable to Open Redirect or Server Side Request Forgery | high |
2024-02-23T06:30:31
(6 months ago) |
|
| Affected | <= 3.2.4.RELEASE |
CVE-2013-6429
|
MAVEN:GHSA-G6HF-F9CQ-Q7W7
|
Cross-Site Request Forgery in Spring Framework | moderate |
2022-05-13T01:02:39
(2 years ago) |
|
| Fixed | = 3.2.5.RELEASE |
CVE-2013-6429
|
MAVEN:GHSA-G6HF-F9CQ-Q7W7
|
Cross-Site Request Forgery in Spring Framework | moderate |
2022-05-13T01:02:39
(2 years ago) |
|
| Affected | >= 5.3.0, <= 5.3.6 >= 5.2.0, <= 5.2.14 |
CVE-2021-22118
|
MAVEN:GHSA-GFWJ-FWQJ-FP3V
|
Improper Privilege Management in Spring Framework | high |
2022-05-24T19:03:28
(2 years ago) |
|
| Fixed | = 5.3.7 = 5.2.15 |
CVE-2021-22118
|
MAVEN:GHSA-GFWJ-FWQJ-FP3V
|
Improper Privilege Management in Spring Framework | high |
2022-05-24T19:03:28
(2 years ago) |
|
| Affected | < 5.3.33 >= 6.0.0, < 6.0.18 >= 6.1.0, < 6.1.5 |
CVE-2024-22259
|
MAVEN:GHSA-HGJH-9RJ2-G67J
|
Spring Framework URL Parsing with Host Validation Vulnerability | high |
2024-03-16T06:30:27
(6 months ago) |
|
| Fixed | = 5.3.33 = 6.0.18 = 6.1.5 |
CVE-2024-22259
|
MAVEN:GHSA-HGJH-9RJ2-G67J
|
Spring Framework URL Parsing with Host Validation Vulnerability | high |
2024-03-16T06:30:27
(6 months ago) |
|
| Affected | <= 3.2.1.RELEASE |
CVE-2013-6430
|
MAVEN:GHSA-XJRF-8X4F-43H4
|
Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate |
2022-05-05T00:29:18
(2 years ago) |
|
| Fixed | = 3.2.2.RELEASE |
CVE-2013-6430
|
MAVEN:GHSA-XJRF-8X4F-43H4
|
Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate |
2022-05-05T00:29:18
(2 years ago) |