CVE-2024-22259
- EPSS 2.57%
- Veröffentlicht 16.03.2024 05:15:20
- Zuletzt bearbeitet 10.06.2025 15:55:48
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.or...
CVE-2024-22243
- EPSS 3.97%
- Veröffentlicht 23.02.2024 05:15:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...
CVE-2024-22233
- EPSS 1.05%
- Veröffentlicht 22.01.2024 13:15:25
- Zuletzt bearbeitet 20.06.2025 19:15:31
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: ...
CVE-2023-34053
- EPSS 1.15%
- Veröffentlicht 28.11.2023 09:15:06
- Zuletzt bearbeitet 13.02.2025 17:16:34
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: *...
CVE-2023-20863
- EPSS 1.12%
- Veröffentlicht 13.04.2023 20:15:07
- Zuletzt bearbeitet 07.02.2025 17:15:23
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20860
- EPSS 3.51%
- Veröffentlicht 27.03.2023 22:15:21
- Zuletzt bearbeitet 19.02.2025 19:15:12
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for ...
CVE-2023-20861
- EPSS 0.97%
- Veröffentlicht 23.03.2023 21:15:19
- Zuletzt bearbeitet 25.02.2025 16:15:33
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2022-22971
- EPSS 3.13%
- Veröffentlicht 12.05.2022 20:15:15
- Zuletzt bearbeitet 21.11.2024 06:47:43
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CVE-2022-22970
- EPSS 1.98%
- Veröffentlicht 12.05.2022 20:15:15
- Zuletzt bearbeitet 21.11.2024 06:47:42
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model o...
CVE-2022-22968
- EPSS 5.67%
- Veröffentlicht 14.04.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:47:42
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and...