org.springframework:spring
Maven: 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework:spring (page 1 of 1)
- CVE-2010-1622 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 3.0.3 | 2010-06-21
  SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a …
- CVE-2021-22096 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 5.3.11 | 2021-10-28
  vulnerable: 5.3.0 ... 5.3.9 (11 versions)
  In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
- CVE-2023-20860 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.3.26 | 2023-03-27
  vulnerable: 5.3.0 ... 5.3.9 (26 versions)
  Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the pot…