org.springframework:spring-context
Maven · 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework:spring-context
- CVE-2022-22968 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 5.2.21.RELEASE · 2022-04-14
vulnerable: 1.0 ... 5.2.9.RELEASE (206 versions)
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with bot…
- CVE-2024-38820 · LOW · CVSS 3.1 · EG 3.1 · 2024-10-18
vulnerable: 1.0 ... 5.3.9 (251 versions)
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
- CVE-2025-22233 · LOW · CVSS 3.1 · EG 3.1 · 2025-05-16
vulnerable: 1.0 ... 5.3.9 (251 versions)
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. …