pkg:maven/org.springframework/spring-webmvc

Type: maven
Namespace: org.springframework
Name: spring-webmvc

Known advisories, vulnerabilities and fixes for org.springframework/spring-webmvc package.

Repository: https://mvnrepository.com/artifact/org.springframework/spring-webmvc

Critical: 1
High: 5
Moderate: 4

| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 4.3.0, < 4.3.5; >= 4.2.0, < 4.2.9; < 3.2.18 | maven | CVE-2016-9878 | MAVEN:GHSA-2M8H-FGR8-2Q9W | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | high | 2018-10-04T20:29:55 (6 years ago) |
| Fixed | = 4.3.5; = 4.2.9; = 3.2.18 | maven | CVE-2016-9878 | MAVEN:GHSA-2M8H-FGR8-2Q9W | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | high | 2018-10-04T20:29:55 (6 years ago) |
| Affected | < 5.2.20.RELEASE; >= 5.3.0, < 5.3.18 | maven | CVE-2022-22965 | MAVEN:GHSA-36P3-WJMG-H94X | Remote Code Execution in Spring Framework | critical | 2022-03-31T18:30:50 (2 years ago) |
| Fixed | = 5.2.20.RELEASE; = 5.3.18 | maven | CVE-2022-22965 | MAVEN:GHSA-36P3-WJMG-H94X | Remote Code Execution in Spring Framework | critical | 2022-03-31T18:30:50 (2 years ago) |
| Affected | >= 5.2.0, < 5.2.3 | maven | CVE-2020-5397 | MAVEN:GHSA-7PM4-G2QJ-J85X | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | moderate | 2020-01-21T20:59:33 (4 years ago) |
| Fixed | = 5.2.3 | maven | CVE-2020-5397 | MAVEN:GHSA-7PM4-G2QJ-J85X | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | moderate | 2020-01-21T20:59:33 (4 years ago) |
| Affected | >= 4.0.0, < 4.0.2; < 3.2.8 | maven | CVE-2014-0054 | MAVEN:GHSA-8CMM-QJ8G-FCP6 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:38 (2 years ago) |
| Fixed | = 4.0.2; = 3.2.8 | maven | CVE-2014-0054 | MAVEN:GHSA-8CMM-QJ8G-FCP6 | Cross-Site Request Forgery in Spring Framework | moderate | 2022-05-13T01:02:38 (2 years ago) |
| Affected | >= 5.0.0.RELEASE, < 5.0.16.RELEASE; >= 5.1.0.RELEASE, < 5.1.13.RELEASE; >= 5.2.0.RELEASE, < 5.2.3.RELEASE | maven | CVE-2020-5398 | MAVEN:GHSA-8WX2-9Q48-VM9R | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application | high | 2020-01-21T20:59:09 (4 years ago) |
| Fixed | = 5.0.16.RELEASE; = 5.1.13.RELEASE; = 5.2.3.RELEASE | maven | CVE-2020-5398 | MAVEN:GHSA-8WX2-9Q48-VM9R | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application | high | 2020-01-21T20:59:09 (4 years ago) |
| Affected | < 5.3.40; >= 6.0.0, < 6.0.24; >= 6.1.0, < 6.1.13 | maven | CVE-2024-38816 | MAVEN:GHSA-CX7F-G6MP-7HQM | Path traversal vulnerability in functional web frameworks | high | 2024-09-13T06:30:42 (3 days ago) |
| Fixed | = 5.3.40; = 6.0.24; = 6.1.13 | maven | CVE-2024-38816 | MAVEN:GHSA-CX7F-G6MP-7HQM | Path traversal vulnerability in functional web frameworks | high | 2024-09-13T06:30:42 (3 days ago) |
| Affected | >= 3.0.0, < 3.2.8; >= 4.0.0, < 4.0.5 | maven | CVE-2014-0225 | MAVEN:GHSA-F93F-G33R-8PCP | Improper Restriction of XML External Entity Reference in Spring Framework | high | 2022-05-13T01:02:39 (2 years ago) |
| Fixed | = 3.2.8; = 4.0.5 | maven | CVE-2014-0225 | MAVEN:GHSA-F93F-G33R-8PCP | Improper Restriction of XML External Entity Reference in Spring Framework | high | 2022-05-13T01:02:39 (2 years ago) |
| Affected | >= 4.0.0, <= 4.0.1.RELEASE; >= 3.0.0, <= 3.2.7.RELEASE | maven | CVE-2014-1904 | MAVEN:GHSA-FF7P-JQJM-V66H | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-14T01:14:55 (2 years ago) |
| Fixed | = 4.0.2.RELEASE; = 3.2.8.RELEASE | maven | CVE-2014-1904 | MAVEN:GHSA-FF7P-JQJM-V66H | Improper Neutralization of Input During Web Page Generation in Spring Framework | moderate | 2022-05-14T01:14:55 (2 years ago) |
| Affected | >= 4.1.0, < 4.1.2; >= 4.0.0, < 4.0.8; >= 3.0.4, < 3.2.12 | maven | CVE-2014-3625 | MAVEN:GHSA-HHM4-HWQ6-3C6W | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
| Fixed | = 4.1.2; = 4.0.8; = 3.2.12 | maven | CVE-2014-3625 | MAVEN:GHSA-HHM4-HWQ6-3C6W | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | moderate | 2022-05-13T01:02:39 (2 years ago) |
| Affected | >= 6.0.0, < 6.0.14 | maven | CVE-2023-34053 | MAVEN:GHSA-V94H-HVHG-MF9H | Spring Framework vulnerable to denial of service | high | 2023-11-28T09:30:27 (9 months ago) |
| Fixed | = 6.0.14 | maven | CVE-2023-34053 | MAVEN:GHSA-V94H-HVHG-MF9H | Spring Framework vulnerable to denial of service | high | 2023-11-28T09:30:27 (9 months ago) |