pkg:maven/org.springframework/spring-web
Type: maven
Namespace: org.springframework
Name: spring-web
Known advisories, vulnerabilities and fixes for org.springframework/spring-web package.
Critical: 1
High: 4
Moderate: 4
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 6.1.0, < 6.1.6; >= 6.0.0, < 6.0.19; < 5.3.34 | | CVE-2024-22262 | MAVEN:GHSA-2WRP-6FG6-HMC5 | Spring Framework URL Parsing with Host Validation | high | 2024-04-16T06:30:28 (5 months ago) |
Fixed | = 6.1.6; = 6.0.19; = 5.3.34 | | CVE-2024-22262 | MAVEN:GHSA-2WRP-6FG6-HMC5 | Spring Framework URL Parsing with Host Validation | high | 2024-04-16T06:30:28 (5 months ago) |
Affected | < 6.0.0 | | CVE-2016-1000027 | MAVEN:GHSA-4WRC-F8PQ-FPQP | Pivotal Spring Framework contains unsafe Java deserialization methods | critical | 2022-05-24T17:05:30 (2 years ago) |
Fixed | = 6.0.0 | | CVE-2016-1000027 | MAVEN:GHSA-4WRC-F8PQ-FPQP | Pivotal Spring Framework contains unsafe Java deserialization methods | critical | 2022-05-24T17:05:30 (2 years ago) |
Affected | = 5.0.0.RC2; >= 4.0.0, < 4.1.7; < 3.2.14 | | CVE-2015-3192 | MAVEN:GHSA-6V7W-535J-RQ5M | Pivotal Spring Framework DoS Attack with XML Input | moderate | 2018-10-17T20:29:12 (6 years ago) |
Fixed | = 5.0.0.RC3; = 4.1.7; = 3.2.14 | | CVE-2015-3192 | MAVEN:GHSA-6V7W-535J-RQ5M | Pivotal Spring Framework DoS Attack with XML Input | moderate | 2018-10-17T20:29:12 (6 years ago) |
Affected | >= 4.3.0, < 4.3.18; >= 5.0.0, < 5.0.7 | | CVE-2018-11039 | MAVEN:GHSA-9GCM-F4X3-8JPW | Spring Framework Cross Site Tracing (XST) | moderate | 2018-10-16T17:35:54 (6 years ago) |
Fixed | = 4.3.18; = 5.0.7 | | CVE-2018-11039 | MAVEN:GHSA-9GCM-F4X3-8JPW | Spring Framework Cross Site Tracing (XST) | moderate | 2018-10-16T17:35:54 (6 years ago) |
Affected | >= 5.3.0, < 5.3.32; >= 6.0.0, < 6.0.17; >= 6.1.0, < 6.1.4 | | CVE-2024-22243 | MAVEN:GHSA-CCGV-VJ62-XF9H | Spring Web vulnerable to Open Redirect or Server Side Request Forgery | high | 2024-02-23T06:30:31 (6 months ago) |
Fixed | = 5.3.32; = 6.0.17; = 6.1.4 | | CVE-2024-22243 | MAVEN:GHSA-CCGV-VJ62-XF9H | Spring Web vulnerable to Open Redirect or Server Side Request Forgery | high | 2024-02-23T06:30:31 (6 months ago) |
Affected | <= 3.2.4.RELEASE | | CVE-2013-6429 | MAVEN:GHSA-G6HF-F9CQ-Q7W7 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
Fixed | = 3.2.5.RELEASE | | CVE-2013-6429 | MAVEN:GHSA-G6HF-F9CQ-Q7W7 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
Affected | >= 5.3.0, <= 5.3.6; >= 5.2.0, <= 5.2.14 | | CVE-2021-22118 | MAVEN:GHSA-GFWJ-FWQJ-FP3V | Improper Privilege Management in Spring Framework | high | 2022-05-24T19:03:28 (2 years ago) |
Fixed | = 5.3.7; = 5.2.15 | | CVE-2021-22118 | MAVEN:GHSA-GFWJ-FWQJ-FP3V | Improper Privilege Management in Spring Framework | high | 2022-05-24T19:03:28 (2 years ago) |
Affected | < 5.3.33; >= 6.0.0, < 6.0.18; >= 6.1.0, < 6.1.5 | | CVE-2024-22259 | MAVEN:GHSA-HGJH-9RJ2-G67J | Spring Framework URL Parsing with Host Validation Vulnerability | high | 2024-03-16T06:30:27 (6 months ago) |
Fixed | = 5.3.33; = 6.0.18; = 6.1.5 | | CVE-2024-22259 | MAVEN:GHSA-HGJH-9RJ2-G67J | Spring Framework URL Parsing with Host Validation Vulnerability | high | 2024-03-16T06:30:27 (6 months ago) |
Affected | <= 3.2.1.RELEASE | | CVE-2013-6430 | MAVEN:GHSA-XJRF-8X4F-43H4 | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-05T00:29:18 (2 years ago) |
Fixed | = 3.2.2.RELEASE | | CVE-2013-6430 | MAVEN:GHSA-XJRF-8X4F-43H4 | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-05T00:29:18 (2 years ago) |