pkg:maven/org.springframework/spring-webmvc
Type: maven
Namespace: org.springframework
Name: spring-webmvc
Known advisories, vulnerabilities and fixes for org.springframework/spring-webmvc package.
Critical: 1
High: 5
Moderate: 4
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 4.3.0, < 4.3.5; >= 4.2.0, < 4.2.9; < 3.2.18 | | CVE-2016-9878 | MAVEN:GHSA-2M8H-FGR8-2Q9W | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | high | 2018-10-04T20:29:55 (6 years ago) |
Fixed | = 4.3.5; = 4.2.9; = 3.2.18 | | CVE-2016-9878 | MAVEN:GHSA-2M8H-FGR8-2Q9W | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | high | 2018-10-04T20:29:55 (6 years ago) |
Affected | < 5.2.20.RELEASE; >= 5.3.0, < 5.3.18 | | CVE-2022-22965 | MAVEN:GHSA-36P3-WJMG-H94X | Remote Code Execution in Spring Framework | critical | 2022-03-31T18:30:50 (2 years ago) |
Fixed | = 5.2.20.RELEASE; = 5.3.18 | | CVE-2022-22965 | MAVEN:GHSA-36P3-WJMG-H94X | Remote Code Execution in Spring Framework | critical | 2022-03-31T18:30:50 (2 years ago) |
Affected | >= 5.2.0, < 5.2.3 | | CVE-2020-5397 | MAVEN:GHSA-7PM4-G2QJ-J85X | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | moderate | 2020-01-21T20:59:33 (4 years ago) |
Fixed | = 5.2.3 | | CVE-2020-5397 | MAVEN:GHSA-7PM4-G2QJ-J85X | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | moderate | 2020-01-21T20:59:33 (4 years ago) |
Affected | >= 4.0.0, < 4.0.2; < 3.2.8 | | CVE-2014-0054 | MAVEN:GHSA-8CMM-QJ8G-FCP6 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:38 (2 years ago) |
Fixed | = 4.0.2; = 3.2.8 | | CVE-2014-0054 | MAVEN:GHSA-8CMM-QJ8G-FCP6 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:38 (2 years ago) |
Affected | >= 5.0.0.RELEASE, < 5.0.16.RELEASE; >= 5.1.0.RELEASE, < 5.1.13.RELEASE; >= 5.2.0.RELEASE, < 5.2.3.RELEASE | | CVE-2020-5398 | MAVEN:GHSA-8WX2-9Q48-VM9R | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application | high | 2020-01-21T20:59:09 (4 years ago) |
Fixed | = 5.0.16.RELEASE; = 5.1.13.RELEASE; = 5.2.3.RELEASE | | CVE-2020-5398 | MAVEN:GHSA-8WX2-9Q48-VM9R | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application | high | 2020-01-21T20:59:09 (4 years ago) |
Affected | < 5.3.40; >= 6.0.0, < 6.0.24; >= 6.1.0, < 6.1.13 | | CVE-2024-38816 | MAVEN:GHSA-CX7F-G6MP-7HQM | Path traversal vulnerability in functional web frameworks | high | 2024-09-13T06:30:42 (3 days ago) |
Fixed | = 5.3.40; = 6.0.24; = 6.1.13 | | CVE-2024-38816 | MAVEN:GHSA-CX7F-G6MP-7HQM | Path traversal vulnerability in functional web frameworks | high | 2024-09-13T06:30:42 (3 days ago) |
Affected | >= 3.0.0, < 3.2.8; >= 4.0.0, < 4.0.5 | | CVE-2014-0225 | MAVEN:GHSA-F93F-G33R-8PCP | Improper Restriction of XML External Entity Reference in Spring Framework | high | 2022-05-13T01:02:39 (2 years ago) |
Fixed | = 3.2.8; = 4.0.5 | | CVE-2014-0225 | MAVEN:GHSA-F93F-G33R-8PCP | Improper Restriction of XML External Entity Reference in Spring Framework | high | 2022-05-13T01:02:39 (2 years ago) |
Affected | >= 4.0.0, <= 4.0.1.RELEASE; >= 3.0.0, <= 3.2.7.RELEASE | | CVE-2014-1904 | MAVEN:GHSA-FF7P-JQJM-V66H | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-14T01:14:55 (2 years ago) |
Fixed | = 4.0.2.RELEASE; = 3.2.8.RELEASE | | CVE-2014-1904 | MAVEN:GHSA-FF7P-JQJM-V66H | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-14T01:14:55 (2 years ago) |
Affected | >= 4.1.0, < 4.1.2; >= 4.0.0, < 4.0.8; >= 3.0.4, < 3.2.12 | | CVE-2014-3625 | MAVEN:GHSA-HHM4-HWQ6-3C6W | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
Fixed | = 4.1.2; = 4.0.8; = 3.2.12 | | CVE-2014-3625 | MAVEN:GHSA-HHM4-HWQ6-3C6W | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
Affected | >= 6.0.0, < 6.0.14 | | CVE-2023-34053 | MAVEN:GHSA-V94H-HVHG-MF9H | Spring Framework vulnerable to denial of service | high | 2023-11-28T09:30:27 (9 months ago) |
Fixed | = 6.0.14 | | CVE-2023-34053 | MAVEN:GHSA-V94H-HVHG-MF9H | Spring Framework vulnerable to denial of service | high | 2023-11-28T09:30:27 (9 months ago) |