VMware

Spring Framework

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.57%
  • Veröffentlicht 16.03.2024 05:15:20
  • Zuletzt bearbeitet 10.06.2025 15:55:48

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.or...

  • EPSS 3.97%
  • Veröffentlicht 23.02.2024 05:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/6...

  • EPSS 1.05%
  • Veröffentlicht 22.01.2024 13:15:25
  • Zuletzt bearbeitet 20.06.2025 19:15:31

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: ...

  • EPSS 1.15%
  • Veröffentlicht 28.11.2023 09:15:06
  • Zuletzt bearbeitet 13.02.2025 17:16:34

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: *...

  • EPSS 1.12%
  • Veröffentlicht 13.04.2023 20:15:07
  • Zuletzt bearbeitet 07.02.2025 17:15:23

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

  • EPSS 3.51%
  • Veröffentlicht 27.03.2023 22:15:21
  • Zuletzt bearbeitet 19.02.2025 19:15:12

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for ...

  • EPSS 0.97%
  • Veröffentlicht 23.03.2023 21:15:19
  • Zuletzt bearbeitet 25.02.2025 16:15:33

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

  • EPSS 3.13%
  • Veröffentlicht 12.05.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:47:43

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

  • EPSS 1.98%
  • Veröffentlicht 12.05.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:47:42

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model o...

  • EPSS 5.67%
  • Veröffentlicht 14.04.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:47:42

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and...