org.springframework.cloud:spring-cloud-config-server
Maven | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework.cloud:spring-cloud-config-server (page 1 of 1)
- CVE-2019-3799 | MEDIUM | CVSS 6.5 | EG 9.0 | ✓ Fixed in 2.1.2 | 2019-05-06
vulnerable: 2.1.0.RELEASE, 2.1.1.RELEASE
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-…
- CVE-2020-5405 | MEDIUM | CVSS 6.5 | EG 9.0 | ✓ Fixed in 2.2.2 | 2020-03-05
vulnerable: 2.2.0.RELEASE, 2.2.1.RELEASE
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or…
- CVE-2020-5410 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | ✓ Fixed in 2.2.3 | 2020-06-02
vulnerable: 2.2.0.RELEASE, 2.2.1.RELEASE, 2.2.2.RELEASE
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or…
- CVE-2026-40982 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 5.0.3 | 2026-05-07
vulnerable: 5.0.0, 5.0.1, 5.0.2
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory tr…
- CVE-2026-41002 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 5.0.3 | 2026-05-07
vulnerable: 5.0.0, 5.0.1, 5.0.2
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 …
- CVE-2026-41004 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 5.0.3 | 2026-05-07
vulnerable: 5.0.0, 5.0.1, 5.0.2
When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Suppo…