VMware

Spring Framework

49 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-41249

  • EPSS 0.05%
  • Published 16.09.2025 10:15:34
  • Last modified 16.09.2025 20:15:35

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization ...

5.9

CVE-2025-41242

  • EPSS 0.09%
  • Published 18.08.2025 08:47:07
  • Last modified 18.08.2025 20:16:28

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR ...

6.5

CVE-2025-41234

  • EPSS 0.18%
  • Published 12.06.2025 21:14:42
  • Last modified 16.06.2025 12:32:18

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename at...

5.3

CVE-2024-38820

  • EPSS 0.07%
  • Published 18.10.2024 06:15:03
  • Last modified 29.11.2024 12:15:07

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

5.3

CVE-2024-38809

  • EPSS 0.06%
  • Published 27.09.2024 17:15:12
  • Last modified 21.11.2024 09:26:51

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size l...

4.3

CVE-2024-38808

  • EPSS 0.27%
  • Published 20.08.2024 08:15:05
  • Last modified 18.06.2025 12:10:28

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an ap...

8.1

CVE-2024-22262

  • EPSS 6.25%
  • Published 16.04.2024 06:15:46
  • Last modified 13.02.2025 18:16:47

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...

8.1

CVE-2024-22259

  • EPSS 30.51%
  • Published 16.03.2024 05:15:20
  • Last modified 10.06.2025 15:55:48

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.or...

8.1

CVE-2024-22243

  • EPSS 48.23%
  • Published 23.02.2024 05:15:08
  • Last modified 13.02.2025 18:16:47

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...

7.5

CVE-2024-22233

  • EPSS 1.14%
  • Published 22.01.2024 13:15:25
  • Last modified 20.06.2025 19:15:31

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: ...