VMware

Spring Framework

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.16%
  • Veröffentlicht 09.06.2026 03:50:48
  • Zuletzt bearbeitet 27.06.2026 21:16:29

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0...

  • EPSS 0.13%
  • Veröffentlicht 09.06.2026 03:50:39
  • Zuletzt bearbeitet 27.06.2026 21:16:29

A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Af...

  • EPSS 0.34%
  • Veröffentlicht 09.06.2026 03:50:34
  • Zuletzt bearbeitet 27.06.2026 21:16:29

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

  • EPSS 0.4%
  • Veröffentlicht 09.06.2026 03:50:29
  • Zuletzt bearbeitet 27.06.2026 21:16:29

Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

  • EPSS 0.31%
  • Veröffentlicht 09.06.2026 03:50:20
  • Zuletzt bearbeitet 27.06.2026 21:16:29

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

  • EPSS 0.25%
  • Veröffentlicht 09.06.2026 03:50:15
  • Zuletzt bearbeitet 26.06.2026 16:21:49

Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48.

  • EPSS 0.17%
  • Veröffentlicht 09.06.2026 03:49:15
  • Zuletzt bearbeitet 27.06.2026 21:16:28

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 th...

  • EPSS 0.34%
  • Veröffentlicht 29.04.2026 12:16:18
  • Zuletzt bearbeitet 04.05.2026 14:50:16

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring W...

  • EPSS 0.34%
  • Veröffentlicht 29.04.2026 12:16:18
  • Zuletzt bearbeitet 04.05.2026 14:51:28

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume availab...

  • EPSS 0.24%
  • Veröffentlicht 29.04.2026 12:16:18
  • Zuletzt bearbeitet 04.05.2026 14:51:05

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux *...