org.springframework.boot:spring-boot-cassandra

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.springframework.boot:spring-boot-cassandrapage 1 of 1

CVE-2026-40974MEDIUMCVSS 5.0EG 5.0
2026-04-28
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16),…
CVE-2026-40975MEDIUMCVSS 4.8EG 4.8
2026-04-28
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Sprin…
CVE-2026-40977MEDIUMCVSS 4.7EG 4.7
2026-04-28
When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 …

Check whether org.springframework.boot:spring-boot-cassandra is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.boot:spring-boot-cassandra CVEs against the assets you own.

Start Free Scan →