VMware

Spring Framework

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-38809

  • EPSS 0.14%
  • Veröffentlicht 27.09.2024 17:15:12
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size l...

4.3

CVE-2024-38808

  • EPSS 0.81%
  • Veröffentlicht 20.08.2024 08:15:05
  • Zuletzt bearbeitet 18.06.2025 12:10:28

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an ap...

8.1

CVE-2024-22262

  • EPSS 12.63%
  • Veröffentlicht 16.04.2024 06:15:46
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...

8.1

CVE-2024-22259

  • EPSS 56.4%
  • Veröffentlicht 16.03.2024 05:15:20
  • Zuletzt bearbeitet 10.06.2025 15:55:48

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.or...

8.1

CVE-2024-22243

  • EPSS 59.59%
  • Veröffentlicht 23.02.2024 05:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...

7.5

CVE-2024-22233

  • EPSS 1.54%
  • Veröffentlicht 22.01.2024 13:15:25
  • Zuletzt bearbeitet 20.06.2025 19:15:31

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: ...

7.5

CVE-2023-34053

  • EPSS 0.61%
  • Veröffentlicht 28.11.2023 09:15:06
  • Zuletzt bearbeitet 13.02.2025 17:16:34

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: *...

6.5

CVE-2023-20863

  • EPSS 1.18%
  • Veröffentlicht 13.04.2023 20:15:07
  • Zuletzt bearbeitet 07.02.2025 17:15:23

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

7.5

CVE-2023-20860

  • EPSS 56.28%
  • Veröffentlicht 27.03.2023 22:15:21
  • Zuletzt bearbeitet 19.02.2025 19:15:12

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for ...

6.5

CVE-2023-20861

  • EPSS 0.54%
  • Veröffentlicht 23.03.2023 21:15:19
  • Zuletzt bearbeitet 25.02.2025 16:15:33

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.